author | Marko Kreen | 2013-03-03 18:53:21 +0000 |
---|---|---|
committer | Marko Kreen | 2013-03-03 18:53:21 +0000 |
commit | b2fb4d8cffddb4b31e6120f05133d8baacaae6b8 (patch) | |
tree | 3b18ffd409c0e6d88946d5d36b75ae2ac91a1946 | |
parent | c63236f11753c06a10dee125f2dc1cd241e92714 (diff) |
more newgrants fixes.
mostly works now.
only problem is that londiste_writer needs to be
superuser because of session_replication_role.
That can be fixed with secdef function, but that
means code needs to be installed separately.
-rw-r--r-- | sql/londiste/structure/grants.ini | 20 | ||||
-rw-r--r-- | sql/pgq/structure/grants.ini | 10 | ||||
-rw-r--r-- | sql/pgq_node/structure/grants.ini | 14 |
3 files changed, 37 insertions, 7 deletions
diff --git a/sql/londiste/structure/grants.ini b/sql/londiste/structure/grants.ini index df88dacc..ca2a3765 100644 --- a/sql/londiste/structure/grants.ini +++ b/sql/londiste/structure/grants.ini @@ -1,13 +1,13 @@ [GrantFu] # roles that we maintain in this file -roles = londiste_writer, londiste_reader, public +roles = londiste_writer, londiste_reader, public, pgq_admin [1.tables] on.tables = londiste.table_info, londiste.seq_info, londiste.pending_fkeys, londiste.applied_execute -londiste_writer = select, insert, update, delete +pgq_admin = select, insert, update, delete londiste_reader = select # backwards compat, should be dropped? @@ -25,10 +25,20 @@ londiste_reader = execute londiste_writer = execute -[3.local.node] +[4.local.node] on.functions = %(londiste_local_fns)s, %(londiste_internal_fns)s londiste_writer = execute +[5.seqs] +londiste_writer = usage +on.sequences = + londiste.table_info_nr_seq, + londiste.seq_info_nr_seq + +[6.maint] +pgq_admin = execute +on.functions = londiste.periodic_maintenance() + # define various groups of functions [DEFAULT] @@ -86,5 +96,7 @@ londiste_local_fns = londiste.drop_table_triggers(text, text), londiste.table_info_trigger(), londiste.create_partition(text, text, text, text, timestamptz, text), - londiste.drop_obsolete_partitions (text, interval, text) + londiste.drop_obsolete_partitions (text, interval, text), + londiste.create_trigger(text,text,text[],text,text) + diff --git a/sql/pgq/structure/grants.ini b/sql/pgq/structure/grants.ini index 451695da..f44aebcc 100644 --- a/sql/pgq/structure/grants.ini +++ b/sql/pgq/structure/grants.ini 
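Review bot: In `[1.tables]` the direct DML grant moves from `londiste_writer` to `pgq_admin` with no comment saying why, and `pgq_admin` is added to `roles` although only `[1.tables]` and `[6.maint]` name it. If GrantFu revokes from maintained roles that a section does not list (the explicit `public =` lines in sql/pgq/structure/grants.ini hint at that model), confirm that the function sections which omit `pgq_admin` leave it with the access intended. I would add a comment above the grant, for example `# londiste_writer changes these tables only through londiste functions; direct DML is reserved for pgq_admin`, if that is the intent.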
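Review bot: `[5.seqs]` gives `londiste_writer` `usage` on `londiste.table_info_nr_seq` and `londiste.seq_info_nr_seq` in the same commit that removes its insert right on the tables in `[1.tables]`. If the writer reaches those tables only through londiste functions that run with the owner's rights, the sequence grant is wider than needed and could move to `pgq_admin`. `[6.maint]` names only `pgq_admin`; PostgreSQL functions are executable by PUBLIC by default, so an explicit `public =` line there would make the restriction on `londiste.periodic_maintenance()` visible. Both new sections also put the role line before the `on.*` key, while the existing sections lead with `on.*`.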
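Review bot: `londiste.create_trigger(text,text,text[],text,text)` joins `londiste_local_fns`, which `[4.local.node]` makes executable by `londiste_writer`, so a non-admin role can now call a function that, judging by its name, builds triggers from text arguments. The function body is not part of this commit. If it is or becomes SECURITY DEFINER (the commit message considers that route for session_replication_role), it should quote identifiers and pin `search_path`. The signature is also written without spaces after the commas, unlike the neighbouring entries.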
@@ -28,12 +28,20 @@ pgq_reader = select public = select [5.event.tables] -on.tables = pgq.event_template, pgq.retry_queue +on.tables = pgq.event_template pgq_reader = select # drop public access to events public = +[6.retry.event] +on.tables = pgq.retry_queue +pgq_reader = select +pgq_admin = select, insert, update, delete + +# drop public access to events +public = + # # define various groups of functions diff --git a/sql/pgq_node/structure/grants.ini b/sql/pgq_node/structure/grants.ini index d1cc4558..7c364fbb 100644 --- a/sql/pgq_node/structure/grants.ini +++ b/sql/pgq_node/structure/grants.ini @@ -28,10 +28,22 @@ pgq_admin = execute on.functions = %(pgq_node_admin_fns)s pgq_admin = execute +[5.tables] +pgq_reader = select +pgq_writer = select +pgq_admin = select, insert, update, delete +on.tables = + pgq_node.node_location, + pgq_node.node_info, + pgq_node.local_state, + pgq_node.subscriber_info + # define various groups of functions [DEFAULT] pgq_node_remote_fns = + pgq_node.get_consumer_info(text), + pgq_node.get_consumer_state(text, text), pgq_node.get_queue_locations(text), pgq_node.get_node_info(text), pgq_node.get_subscriber_info(text), @@ -49,8 +61,6 @@ pgq_node_admin_fns = pgq_node.maint_watermark(text) pgq_node_consumer_fns = - pgq_node.get_consumer_info(text), - pgq_node.get_consumer_state(text, text), pgq_node.register_consumer(text, text, text, int8), pgq_node.unregister_consumer(text, text), pgq_node.change_consumer_provider(text, text, text), |
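Review bot: `[6.retry.event]` gives `pgq_admin` direct `insert, update, delete` on `pgq.retry_queue` without a comment saying which maintenance path needs it, while `pgq.event_template` stays select-only. A line such as `# pgq_admin needs DML on retry_queue for <reason>` above the grant would let a later reader judge whether it can be narrowed to execute on the relevant pgq functions.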
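Review bot: `[5.tables]` grants `select` on `pgq_node.node_location` to `pgq_reader` and `pgq_writer`; that table presumably holds connection strings for other nodes, which can carry credentials, so read access for the low-privilege roles deserves a check. If consumers get locations through `pgq_node.get_queue_locations(text)`, the narrower choice is to split `pgq_node.node_location` into its own section with only `pgq_admin = select, insert, update, delete`. The same commit moves `pgq_node.get_consumer_info(text)` and `pgq_node.get_consumer_state(text, text)` from `pgq_node_consumer_fns` to `pgq_node_remote_fns` (this hunk and the `@@ -49,8 +61,6 @@` hunk after it). Which roles execute `pgq_node_remote_fns` is outside the visible lines, so confirm the wider audience is intended.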