From 3d6eb29a93eaf50af588102e84f62bb99fe6db8b Mon Sep 17 00:00:00 2001
From: Tom Russell
Date: Wed, 8 Aug 2018 09:05:58 +0100
Subject: [PATCH] Limit database user capabilities per app
---
 migrations/README.md | 51 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/migrations/README.md b/migrations/README.md
index b4d9fbb3..45337ef1 100644
--- a/migrations/README.md
+++ b/migrations/README.md
@@ -11,3 +11,54 @@ $ psql "host={hostname} user={username} port=5432 sslmode=require dbname=postgre
 > \q
 $ psql "host={hostname} user={username} port=5432 sslmode=require dbname=colouringlondon" < 001.create-core.up.sql
 ```
+
+Create app users
+
+```sql
+-- role for server-side of front end (HTTP POST)
+CREATE ROLE frontend WITH LOGIN;
+-- create/update, authenticate and authorise users
+GRANT SELECT, UPDATE, INSERT ON TABLE users TO frontend;
+-- read/write building data
+GRANT SELECT, UPDATE, INSERT ON TABLE buildings TO frontend;
+-- read geometry data
+GRANT SELECT ON TABLE geometries TO frontend;
+-- read/append to logs
+GRANT SELECT, INSERT ON TABLE log to frontend;
+-- use id sequences
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public to frontend;
+-- use postgis/pgcrypto functions
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO frontend;
+
+-- role for /api routes (may be AJAX from web client, or 3rd-party client with key)
+CREATE ROLE apiserver WITH LOGIN;
+-- need to authenticate and authorize users
+GRANT SELECT ON TABLE users TO apiserver;
+-- read/write building data
+GRANT SELECT, UPDATE, INSERT ON TABLE buildings TO apiserver;
+-- read geometry data
+GRANT SELECT ON TABLE geometries TO apiserver;
+-- read/append to logs
+GRANT SELECT, INSERT ON TABLE log to apiserver;
+-- use id sequences
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public to apiserver;
+-- use postgis/pgcrypto functions
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO apiserver;
+
+-- role for /tiles routes
+CREATE ROLE tileserver WITH LOGIN;
+-- read building and geometry data
+GRANT SELECT ON TABLE geometries, buildings TO tileserver;
+-- use id sequences
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public to tileserver;
+-- use postgis functions
+GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO tileserver;
+```
+
+Set or update passwords
+
+```bash
+psql -c "ALTER USER frontend WITH PASSWORD 'longsecurerandompassword1';"
+psql -c "ALTER USER apiserver WITH PASSWORD 
'longsecurerandompassword2';"
+psql -c "ALTER USER tileserver WITH PASSWORD 'longsecurerandompassword3';"
+```