github.com/letsencrypt/boulder@v0.20251208.0/sa/db-users/boulder_sa.sql

github.com/letsencrypt/boulder@v0.20251208.0/sa/db-users/boulder_sa.sql (about)

     1  -- this file is run by test/create_db.sh to create users for each
     2  -- component with the appropriate permissions.
     3  
     4  -- These lines require MariaDB 10.1+
     5  CREATE USER IF NOT EXISTS 'policy'@'localhost';
     6  CREATE USER IF NOT EXISTS 'sa'@'localhost';
     7  CREATE USER IF NOT EXISTS 'sa_ro'@'localhost';
     8  CREATE USER IF NOT EXISTS 'revoker'@'localhost';
     9  CREATE USER IF NOT EXISTS 'importer'@'localhost';
    10  CREATE USER IF NOT EXISTS 'mailer'@'localhost';
    11  CREATE USER IF NOT EXISTS 'cert_checker'@'localhost';
    12  CREATE USER IF NOT EXISTS 'test_setup'@'localhost';
    13  CREATE USER IF NOT EXISTS 'badkeyrevoker'@'localhost';
    14  CREATE USER IF NOT EXISTS 'proxysql'@'localhost';
    15  
    16  -- Storage Authority
    17  GRANT SELECT,INSERT ON certificates TO 'sa'@'localhost';
    18  GRANT SELECT,INSERT,UPDATE ON certificateStatus TO 'sa'@'localhost';
    19  GRANT SELECT,INSERT ON issuedNames TO 'sa'@'localhost';
    20  GRANT SELECT,INSERT,UPDATE ON registrations TO 'sa'@'localhost';
    21  GRANT SELECT,INSERT on fqdnSets TO 'sa'@'localhost';
    22  GRANT SELECT,INSERT,UPDATE ON orders TO 'sa'@'localhost';
    23  GRANT SELECT,INSERT,DELETE ON orderFqdnSets TO 'sa'@'localhost';
    24  GRANT SELECT,INSERT,UPDATE ON authz2 TO 'sa'@'localhost';
    25  GRANT SELECT,INSERT ON orderToAuthz2 TO 'sa'@'localhost';
    26  GRANT INSERT,SELECT ON serials TO 'sa'@'localhost';
    27  GRANT SELECT,INSERT ON precertificates TO 'sa'@'localhost';
    28  GRANT SELECT,INSERT ON keyHashToSerial TO 'sa'@'localhost';
    29  GRANT SELECT,INSERT ON blockedKeys TO 'sa'@'localhost';
    30  GRANT SELECT ON incidents TO 'sa'@'localhost';
    31  GRANT SELECT,INSERT,UPDATE ON crlShards TO 'sa'@'localhost';
    32  GRANT SELECT,INSERT,UPDATE ON revokedCertificates TO 'sa'@'localhost';
    33  GRANT SELECT,INSERT,UPDATE ON replacementOrders TO 'sa'@'localhost';
    34  GRANT SELECT,INSERT,UPDATE ON overrides TO 'sa'@'localhost';
    35  -- Tests need to be able to remove rows from this table, so DELETE,DROP is necessary.
    36  GRANT SELECT,INSERT,UPDATE,DELETE,DROP ON paused TO 'sa'@'localhost';
    37  
    38  GRANT SELECT ON certificates TO 'sa_ro'@'localhost';
    39  GRANT SELECT ON certificateStatus TO 'sa_ro'@'localhost';
    40  GRANT SELECT ON issuedNames TO 'sa_ro'@'localhost';
    41  GRANT SELECT ON registrations TO 'sa_ro'@'localhost';
    42  GRANT SELECT on fqdnSets TO 'sa_ro'@'localhost';
    43  GRANT SELECT ON orders TO 'sa_ro'@'localhost';
    44  GRANT SELECT ON orderFqdnSets TO 'sa_ro'@'localhost';
    45  GRANT SELECT ON authz2 TO 'sa_ro'@'localhost';
    46  GRANT SELECT ON orderToAuthz2 TO 'sa_ro'@'localhost';
    47  GRANT SELECT ON serials TO 'sa_ro'@'localhost';
    48  GRANT SELECT ON precertificates TO 'sa_ro'@'localhost';
    49  GRANT SELECT ON keyHashToSerial TO 'sa_ro'@'localhost';
    50  GRANT SELECT ON blockedKeys TO 'sa_ro'@'localhost';
    51  GRANT SELECT ON incidents TO 'sa_ro'@'localhost';
    52  GRANT SELECT ON crlShards TO 'sa_ro'@'localhost';
    53  GRANT SELECT ON revokedCertificates TO 'sa_ro'@'localhost';
    54  GRANT SELECT ON replacementOrders TO 'sa_ro'@'localhost';
    55  GRANT SELECT ON paused TO 'sa_ro'@'localhost';
    56  GRANT SELECT ON overrides TO 'sa_ro'@'localhost';
    57  
    58  -- Revoker Tool
    59  GRANT SELECT,UPDATE ON registrations TO 'revoker'@'localhost';
    60  GRANT SELECT ON certificates TO 'revoker'@'localhost';
    61  GRANT SELECT ON precertificates TO 'revoker'@'localhost';
    62  GRANT SELECT ON keyHashToSerial TO 'revoker'@'localhost';
    63  GRANT SELECT,UPDATE ON blockedKeys TO 'revoker'@'localhost';
    64  
    65  -- Expiration mailer
    66  GRANT SELECT ON certificates TO 'mailer'@'localhost';
    67  GRANT SELECT ON registrations TO 'mailer'@'localhost';
    68  GRANT SELECT,UPDATE ON certificateStatus TO 'mailer'@'localhost';
    69  GRANT SELECT ON fqdnSets TO 'mailer'@'localhost';
    70  
    71  -- Cert checker
    72  GRANT SELECT ON certificates TO 'cert_checker'@'localhost';
    73  GRANT SELECT ON authz2 TO 'cert_checker'@'localhost';
    74  GRANT SELECT ON precertificates TO 'cert_checker'@'localhost';
    75  
    76  -- Bad Key Revoker
    77  GRANT SELECT,UPDATE ON blockedKeys TO 'badkeyrevoker'@'localhost';
    78  GRANT SELECT ON keyHashToSerial TO 'badkeyrevoker'@'localhost';
    79  GRANT SELECT ON certificateStatus TO 'badkeyrevoker'@'localhost';
    80  GRANT SELECT ON precertificates TO 'badkeyrevoker'@'localhost';
    81  GRANT SELECT ON registrations TO 'badkeyrevoker'@'localhost';
    82  
    83  -- ProxySQL --
    84  GRANT ALL PRIVILEGES ON monitor TO 'proxysql'@'localhost';
    85  
    86  -- Test setup and teardown
    87  GRANT ALL PRIVILEGES ON * to 'test_setup'@'localhost';