launchpad-reviewers team mailing list archive
Message #03436
[Merge] lp:~jcsackett/launchpad/alphabetize-security-settings into lp:launchpad
j.c.sackett has proposed merging lp:~jcsackett/launchpad/alphabetize-security-settings into lp:launchpad.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~jcsackett/launchpad/alphabetize-security-settings/+merge/58992
Summary
=======
We removed a bunch of duplicate permissions from security.cfg, but they were introduced (mostly) by bad merges, and that can happen again. To make it easier for bzr to merge sensibly and to make it easier for developers to figure out if a setting already exists, each config block in security.cfg should be alphabetized, as we do with imports (for much the same reason).
Since we already had an audit utility to find dupes, expanding that to alphabetize seems sensible.
Preimplementation
=================
Spoke with Curtis Hovey
Implementation
==============
database/schema/security.cfg
----------------------------
Alphabetized settings in each config block, and removed another duplicate introduced since dupes were removed last week. Added some comments in the header of the file to explain the permissions that are set to nothing. Comments within the blocks are lost, but per discussion with Curtis Hovey, merge errors and so forth have largely rendered them out of date anyway.
lib/lp/scripts/utilities/settingsauditor.py
utilities/audit-security-settings.py
------------------------------------
Broke out the settings auditor into its own file, and expanded it to process each config block separately, both alphabetizing the permission settings and reporting on duplicates it finds in the file. It still doesn't automatically remove the settings, as a human may still need to determine which setting should be kept.
lib/lp/scripts/utilities/tests/test_audit_security_settings.py
--------------------------------------------------------------
Tests.
Tests
=====
bin/test -vvct test_audit
QA
==
qa-untestable
Lint
====
= Launchpad lint =
Checking for conflicts and issues in changed files.
Linting changed files:
database/schema/security.cfg
lib/lp/scripts/utilities/settingsauditor.py
lib/lp/scripts/utilities/tests/test_audit_security_settings.py
utilities/audit-security-settings.py
./database/schema/security.cfg
705: Line exceeds 78 characters.
706: Line exceeds 78 characters.
707: Line exceeds 78 characters.
734: Line exceeds 78 characters.
736: Line exceeds 78 characters.
789: Line exceeds 78 characters.
798: Line exceeds 78 characters.
803: Line exceeds 78 characters.
814: Line exceeds 78 characters.
837: Line exceeds 78 characters.
850: Line exceeds 78 characters.
851: Line exceeds 78 characters.
860: Line exceeds 78 characters.
881: Line exceeds 78 characters.
882: Line exceeds 78 characters.
890: Line exceeds 78 characters.
911: Line exceeds 78 characters.
986: Line exceeds 78 characters.
996: Line exceeds 78 characters.
997: Line exceeds 78 characters.
./utilities/audit-security-settings.py
16: '_pythonpath' imported but unused
--
https://code.launchpad.net/~jcsackett/launchpad/alphabetize-security-settings/+merge/58992
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~jcsackett/launchpad/alphabetize-security-settings into lp:launchpad.
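The per-block audit described under Implementation, as an added example (this is not the branch's settingsauditor.py): it sorts the settings in each block by key, drops in-block comments as the proposal describes, and reports keys set more than once without removing them. The function names and the sample config are constructed for illustration.

```python
import re

HEADER = re.compile(r"^\[([^\]]+)\]\s*$")

# Constructed sample in the style of security.cfg; not the real file.
SAMPLE_CFG = """\
# Constructed sample, not the real security.cfg
[DEFAULT]
public_schemas=ts2

[librariangc]
type=user
groups=script
public.job = SELECT, DELETE
# needs select on every referencing table
public.binarypackagefile = SELECT
public.job = SELECT

[statistician]
type=user
public.person = SELECT
public.archive = SELECT, UPDATE
public.person   = SELECT
"""


def audit_security_cfg(text):
    """Return (sorted_text, duplicates) for a security.cfg-style file.

    duplicates maps section name -> {key: [value, ...]} for every key that
    is set more than once inside that section. Nothing is removed.
    """
    preamble, blocks, current = [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        match = HEADER.match(line)
        if match:
            current = (match.group(1), [])
            blocks.append(current)
        elif current is None:
            preamble.append(line)  # file header comments stay as they are
        elif line and not line.lstrip().startswith("#"):
            key, _, value = line.partition("=")
            current[1].append((key.strip(), value.strip(), line))
        # blank lines and comments inside a block are dropped

    while preamble and not preamble[-1]:
        preamble.pop()
    out, duplicates = list(preamble), {}
    for name, settings in blocks:
        if out:
            out.append("")
        out.append("[%s]" % name)
        # sorted() is stable, so repeated keys end up adjacent, in file order.
        out.extend(line for _, _, line in sorted(settings, key=lambda s: s[0]))
        seen = {}
        for key, value, _ in settings:
            seen.setdefault(key, []).append(value)
        repeated = {k: v for k, v in seen.items() if len(v) > 1}
        if repeated:
            duplicates[name] = repeated
    return "\n".join(out) + "\n", duplicates


def conflicting_duplicates(duplicates):
    """Return (section, key) pairs whose repeated entries grant different
    privilege sets: the cases a person has to resolve by hand."""
    def grants(value):
        return frozenset(p.strip().upper() for p in value.split(",") if p.strip())

    return sorted(
        (section, key)
        for section, keys in duplicates.items()
        for key, values in keys.items()
        if len({grants(v) for v in values}) > 1
    )


if __name__ == "__main__":
    sorted_text, dupes = audit_security_cfg(SAMPLE_CFG)
    print(sorted_text)
    for section, key in conflicting_duplicates(dupes):
        print("conflict in [%s]: %s = %s" % (section, key, dupes[section][key]))
```
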
=== modified file 'database/schema/security.cfg'
--- database/schema/security.cfg 2011-04-21 14:01:20 +0000
+++ database/schema/security.cfg 2011-04-25 20:27:32 +0000
@@ -6,107 +6,92 @@
# Note that we can't have INSERT only tables if we are using SQLObject, as it
# creates new entries by first doing an insert (to get the id) and then
# issuing an update
+#
+# Permission can also be set to empty (e.g. "foo.bar =" as a permission) to
+# explicity silence security.py warnings.
[DEFAULT]
-# Objects in these schemas are publicly readable or executable. *not* writable
public_schemas=ts2
[public]
-# The public role is automatically granted to all users by PostgreSQL
-type=group
+public._killall_backends(text) =
public.activity() = EXECUTE
-public.person_sort_key(text, text) = EXECUTE
+public.add_test_openid_identifier(integer) = EXECUTE
+public.alllocks =
+public.assert_patch_applied(integer, integer, integer) = EXECUTE
+public.bug_update_latest_patch_uploaded(integer) =
+public.bugnotificationarchive =
public.calculate_bug_heat(integer) = EXECUTE
public.cursor_fetch(refcursor, integer) = EXECUTE
+public.databasediskutilization =
+public.debversion(character) = EXECUTE
+public.debversion_cmp(debversion, debversion) = EXECUTE
+public.debversion_eq(debversion, debversion) = EXECUTE
+public.debversion_ge(debversion, debversion) = EXECUTE
+public.debversion_gt(debversion, debversion) = EXECUTE
+public.debversion_hash(debversion) = EXECUTE
+public.debversion_larger(debversion, debversion) = EXECUTE
+public.debversion_le(debversion, debversion) = EXECUTE
+public.debversion_lt(debversion, debversion) = EXECUTE
+public.debversion_ne(debversion, debversion) = EXECUTE
+public.debversion_smaller(debversion, debversion) = EXECUTE
public.debversion_sort_key(text) = EXECUTE
-public.milestone_sort_key(timestamp without time zone, text) = EXECUTE
-public.version_sort_key(text) = EXECUTE
-public.null_count(anyarray) = EXECUTE
-public.valid_name(text) = EXECUTE
-public.valid_bug_name(text) = EXECUTE
-public.valid_branch_name(text) = EXECUTE
-public.valid_debian_version(text) = EXECUTE
-public.valid_cve(text) = EXECUTE
-public.valid_absolute_url(text) = EXECUTE
-public.valid_fingerprint(text) = EXECUTE
-public.valid_keyid(text) = EXECUTE
-public.valid_regexp(text) = EXECUTE
-public.sane_version(text) = EXECUTE
-public.sha1(text) = EXECUTE
+public.debversionin(cstring) = EXECUTE
+public.debversionout(debversion) = EXECUTE
+public.debversionrecv(internal) = EXECUTE
+public.debversionsend(debversion) = EXECUTE
+public.exclusivelocks =
+public.featureflag = SELECT
+public.fticache =
+public.generate_openid_identifier() = EXECUTE
+public.getlocalnodeid() = EXECUTE
public.is_blacklisted_name(text, integer) = EXECUTE
public.is_person(text) = EXECUTE
+public.is_printable_ascii(text) = EXECUTE
public.is_team(integer) = EXECUTE
public.is_team(text) = EXECUTE
-public.is_printable_ascii(text) = EXECUTE
+public.latestdatabasediskutilization =
public.launchpaddatabaserevision = SELECT
-public.name_blacklist_match(text, integer) = EXECUTE
-public.pillarname = SELECT
-public.ulower(text) = EXECUTE
-public.generate_openid_identifier() = EXECUTE
-public.getlocalnodeid() = EXECUTE
-public.replication_lag() = EXECUTE
-public.replication_lag(integer) = EXECUTE
-public.assert_patch_applied(integer, integer, integer) = EXECUTE
-# Explicitly state 'no permissions on these objects' to silence
-# security.py warnings.
-public.fticache =
-public.databasediskutilization =
-public.latestdatabasediskutilization =
-public.update_database_disk_utilization() =
-public._killall_backends(text) =
-public.exclusivelocks =
-public.alllocks =
-public.pgstattuple(oid) =
-public.pgstattuple(text) =
-public.bugnotificationarchive =
public.lp_account =
public.lp_openididentifier =
+public.lp_person =
public.lp_personlocation =
-public.lp_person =
public.lp_teamparticipation =
-public.bug_update_latest_patch_uploaded(integer) =
-# the currently active feature flags can be read by anyone
-public.featureflag = SELECT
-# Tests calling factory methods need to be able to create working
-# accounts. We don't directly grant access to the OpenIdIdentifier table
-# to the users these tests are running as we want to minimize the number
-# of database users that can subvert accounts. Instead, we use a stored
-# procedure. OpenId Identifiers created using this stored procedure are
-# only useable by the test suite.
-public.add_test_openid_identifier(integer) = EXECUTE
-
-# Functions introduced by the posgresql-debversion package.
-public.debversionin(cstring) = EXECUTE
-public.debversionout(debversion) = EXECUTE
-public.debversionrecv(internal) = EXECUTE
-public.debversionsend(debversion) = EXECUTE
-public.debversion(character) = EXECUTE
-public.debversion_cmp(debversion, debversion) = EXECUTE
-public.debversion_eq(debversion, debversion) = EXECUTE
-public.debversion_ne(debversion, debversion) = EXECUTE
-public.debversion_lt(debversion, debversion) = EXECUTE
-public.debversion_gt(debversion, debversion) = EXECUTE
-public.debversion_le(debversion, debversion) = EXECUTE
-public.debversion_ge(debversion, debversion) = EXECUTE
-public.debversion_hash(debversion) = EXECUTE
public.max(debversion) = EXECUTE
+public.milestone_sort_key(timestamp without time zone, text) = EXECUTE
public.min(debversion) = EXECUTE
-public.debversion_smaller(debversion, debversion) = EXECUTE
-public.debversion_larger(debversion, debversion) = EXECUTE
+public.name_blacklist_match(text, integer) = EXECUTE
+public.null_count(anyarray) = EXECUTE
+public.person_sort_key(text, text) = EXECUTE
+public.pgstattuple(oid) =
+public.pgstattuple(text) =
+public.pillarname = SELECT
+public.replication_lag() = EXECUTE
+public.replication_lag(integer) = EXECUTE
+public.sane_version(text) = EXECUTE
+public.sha1(text) = EXECUTE
+public.ulower(text) = EXECUTE
+public.update_database_disk_utilization() =
+public.valid_absolute_url(text) = EXECUTE
+public.valid_branch_name(text) = EXECUTE
+public.valid_bug_name(text) = EXECUTE
+public.valid_cve(text) = EXECUTE
+public.valid_debian_version(text) = EXECUTE
+public.valid_fingerprint(text) = EXECUTE
+public.valid_keyid(text) = EXECUTE
+public.valid_name(text) = EXECUTE
+public.valid_regexp(text) = EXECUTE
+public.version_sort_key(text) = EXECUTE
+type=group
[ro]
-# A user with full readonly access to the database. Generally used for
-# interactive querying
-type=user
groups=read
+type=user
[testadmin]
-# A user with full admin privileges used by the test suite
-type=user
groups=admin
+type=user
[launchpad_main]
-# lpmain replication set access from the main Z3 application.
-type=user
groups=write,script
public.account = SELECT, INSERT, UPDATE, DELETE
public.accountpassword = SELECT, INSERT, UPDATE, DELETE
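Review bot: The comment block removed above public.add_test_openid_identifier(integer) in [public] records why test accounts are created through a stored procedure rather than a direct grant on the OpenIdIdentifier table ("we want to minimize the number of database users that can subvert accounts"). Please keep that rationale somewhere, for example in the file header beside the new note about empty permissions, so a later editor does not swap the EXECUTE grant for table access. Also, "explicity" in the added header comment should be "explicitly".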
@@ -114,23 +99,23 @@
public.answercontact = SELECT, INSERT, UPDATE, DELETE
public.apportjob = SELECT, INSERT, UPDATE, DELETE
public.archive = SELECT, INSERT, UPDATE
+public.archivearch = SELECT, INSERT, UPDATE, DELETE
public.archiveauthtoken = SELECT, INSERT, UPDATE
+public.archivedependency = SELECT, INSERT, DELETE
public.archivejob = SELECT, INSERT, UPDATE, DELETE
+public.archivepermission = SELECT, INSERT, UPDATE, DELETE
public.archivesubscriber = SELECT, INSERT, UPDATE
-public.archivearch = SELECT, INSERT, UPDATE, DELETE
-public.archivedependency = SELECT, INSERT, DELETE
-public.archivepermission = SELECT, INSERT, UPDATE, DELETE
public.authtoken = SELECT, INSERT, UPDATE, DELETE
public.binaryandsourcepackagenameview = SELECT
public.binarypackagepublishinghistory = SELECT
public.binarypackagereleasedownloadcount= SELECT, INSERT, UPDATE
public.bountysubscription = SELECT, INSERT, UPDATE, DELETE
-public.branchrevision = SELECT, INSERT, UPDATE, DELETE
public.branch = SELECT, INSERT, UPDATE, DELETE
public.branchjob = SELECT, INSERT, UPDATE, DELETE
public.branchmergeproposal = SELECT, INSERT, UPDATE, DELETE
public.branchmergeproposaljob = SELECT, INSERT, UPDATE, DELETE
public.branchmergequeue = SELECT, INSERT, UPDATE, DELETE
+public.branchrevision = SELECT, INSERT, UPDATE, DELETE
public.branchsubscription = SELECT, INSERT, UPDATE, DELETE
public.branchvisibilitypolicy = SELECT, INSERT, UPDATE, DELETE
public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
@@ -140,14 +125,14 @@
public.bugjob = SELECT, INSERT, UPDATE, DELETE
public.bugnomination = SELECT, UPDATE
public.bugnotification = SELECT, INSERT, UPDATE, DELETE
+public.bugnotificationattachment = SELECT, INSERT
public.bugnotificationfilter = SELECT, INSERT, UPDATE, DELETE
-public.bugnotificationattachment = SELECT, INSERT
public.bugnotificationrecipient = SELECT, INSERT, UPDATE, DELETE
public.bugnotificationrecipientarchive = SELECT, UPDATE
public.bugtag = SELECT, INSERT, DELETE
-public.bugtrackerperson = SELECT, UPDATE
public.bugtrackercomponent = SELECT, INSERT, UPDATE
public.bugtrackercomponentgroup = SELECT, INSERT, UPDATE
+public.bugtrackerperson = SELECT, UPDATE
public.bugwatchactivity = SELECT, INSERT, UPDATE
public.buildfarmjob = DELETE
public.codeimport = SELECT, INSERT, UPDATE, DELETE
@@ -160,9 +145,9 @@
public.codereviewvote = SELECT, INSERT, UPDATE, DELETE
public.commercialsubscription = SELECT, INSERT, UPDATE, DELETE
public.continent = SELECT
+public.customlanguagecode = SELECT, INSERT, UPDATE, DELETE
+public.cve = SELECT, INSERT, UPDATE
public.cvereference = SELECT, INSERT
-public.cve = SELECT, INSERT, UPDATE
-public.customlanguagecode = SELECT, INSERT, UPDATE, DELETE
public.databasereplicationlag = SELECT
public.diff = SELECT, INSERT, UPDATE
public.distributionbounty = SELECT, INSERT, UPDATE
@@ -177,26 +162,27 @@
public.emailaddress = SELECT, INSERT, UPDATE, DELETE
public.entitlement = SELECT, INSERT, UPDATE, DELETE
public.faq = SELECT, INSERT, UPDATE, DELETE
+public.featuredproject = SELECT, INSERT, DELETE
public.featureflag = SELECT, INSERT, UPDATE, DELETE
public.featureflagchangelogentry = SELECT, INSERT, UPDATE
-public.featuredproject = SELECT, INSERT, DELETE
+public.flatpackagesetinclusion = SELECT, INSERT, UPDATE, DELETE
+public.hwdevice = SELECT
+public.hwdeviceclass = SELECT, INSERT, DELETE
public.hwdevicedriverlink = SELECT
public.hwdevicenamevariant = SELECT
-public.hwdevice = SELECT
-public.hwdeviceclass = SELECT, INSERT, DELETE
public.hwdriver = SELECT, INSERT
public.hwdrivernames = SELECT
public.hwdriverpackagenames = SELECT
-public.hwsubmissiondevice = SELECT
public.hwsubmission = SELECT, INSERT, UPDATE
public.hwsubmissionbug = SELECT, INSERT, UPDATE, DELETE
+public.hwsubmissiondevice = SELECT
public.hwsystemfingerprint = SELECT, INSERT
+public.hwtest = SELECT
+public.hwtestanswer = SELECT
public.hwtestanswerchoice = SELECT
+public.hwtestanswercount = SELECT
public.hwtestanswercountdevice = SELECT
-public.hwtestanswercount = SELECT
public.hwtestanswerdevice = SELECT
-public.hwtestanswer = SELECT
-public.hwtest = SELECT
public.hwvendorid = SELECT
public.hwvendorname = SELECT
public.incrementaldiff = SELECT, INSERT, UPDATE, DELETE
@@ -215,8 +201,8 @@
public.mailinglistsubscription = SELECT, INSERT, UPDATE, DELETE
public.mentoringoffer = SELECT, INSERT, UPDATE, DELETE
public.mergedirectivejob = SELECT, INSERT, UPDATE, DELETE
-public.messagechunk = SELECT, INSERT
public.messageapproval = SELECT, INSERT, UPDATE, DELETE
+public.messagechunk = SELECT, INSERT
public.milestone = SELECT, INSERT, UPDATE, DELETE
public.mirrorcdimagedistroseries = SELECT, INSERT, DELETE
public.mirrordistroarchseries = SELECT, INSERT, DELETE, UPDATE
@@ -227,48 +213,46 @@
public.oauthconsumer = SELECT, INSERT
public.oauthnonce = SELECT, INSERT
public.oauthrequesttoken = SELECT, INSERT, UPDATE, DELETE
+public.officialbugtag = SELECT, INSERT, UPDATE, DELETE
public.openidconsumerassociation = SELECT, INSERT, UPDATE, DELETE
public.openidconsumernonce = SELECT, INSERT, UPDATE
public.openididentifier = SELECT, INSERT, UPDATE, DELETE
-public.officialbugtag = SELECT, INSERT, UPDATE, DELETE
public.openidrpconfig = SELECT, INSERT, UPDATE, DELETE
public.packagebugsupervisor = SELECT, INSERT, UPDATE, DELETE
+public.packagebuild = DELETE
public.packagecopyrequest = SELECT, INSERT, UPDATE
-public.packagebuild = DELETE
public.packagediff = SELECT, INSERT, UPDATE, DELETE
public.packageset = SELECT, INSERT, UPDATE, DELETE
public.packagesetgroup = SELECT, INSERT, UPDATE, DELETE
+public.packagesetinclusion = SELECT, INSERT, UPDATE, DELETE
public.packagesetsources = SELECT, INSERT, UPDATE, DELETE
-public.packagesetinclusion = SELECT, INSERT, UPDATE, DELETE
-public.flatpackagesetinclusion = SELECT, INSERT, UPDATE, DELETE
public.packaging = SELECT, INSERT, UPDATE, DELETE
public.packagingjob = SELECT, INSERT, UPDATE
public.personlanguage = SELECT, INSERT, UPDATE, DELETE
public.personlocation = SELECT, INSERT, UPDATE, DELETE
+public.personnotification = SELECT, INSERT, UPDATE, DELETE
public.personsettings = SELECT, INSERT, UPDATE
public.persontransferjob = SELECT, INSERT, UPDATE, DELETE
-public.personnotification = SELECT, INSERT, UPDATE, DELETE
public.pillarname = SELECT, INSERT, DELETE
public.poexportrequest = SELECT, INSERT, UPDATE, DELETE
public.pofiletranslator = SELECT
+public.poll = SELECT, INSERT, UPDATE
public.polloption = SELECT, INSERT, UPDATE, DELETE
-public.poll = SELECT, INSERT, UPDATE
public.potexport = SELECT
public.previewdiff = SELECT, INSERT, UPDATE, DELETE
public.productbounty = SELECT, INSERT, UPDATE
public.productrelease = SELECT, INSERT, UPDATE, DELETE
public.productreleasefile = SELECT, INSERT, DELETE
public.productseriescodeimport = SELECT, INSERT, UPDATE
+public.project = SELECT
+public.projectbounty = SELECT, INSERT, UPDATE
public.publisherconfig = SELECT, INSERT, UPDATE, DELETE
-public.project = SELECT
-public.projectbounty = SELECT, INSERT, UPDATE
+public.question = SELECT, INSERT, UPDATE
public.questionbug = SELECT, INSERT, DELETE
public.questionjob = SELECT, INSERT, UPDATE, DELETE
public.questionmessage = SELECT, INSERT
public.questionreopening = SELECT, INSERT, UPDATE
-public.question = SELECT, INSERT, UPDATE
public.questionsubscription = SELECT, INSERT, UPDATE, DELETE
-public.translationrelicensingagreement = SELECT, INSERT, UPDATE
public.requestedcds = SELECT, INSERT, UPDATE, DELETE
public.revision = SELECT, INSERT, UPDATE
public.revisionauthor = SELECT, INSERT, UPDATE
@@ -276,70 +260,68 @@
public.revisionnumber = SELECT, INSERT
public.revisionparent = SELECT, INSERT
public.scriptactivity = SELECT
+public.seriessourcepackagebranch = SELECT, INSERT, UPDATE, DELETE
public.shipitreport = SELECT, INSERT
public.shipitsurvey = SELECT, INSERT, UPDATE
+public.shipitsurveyanswer = SELECT, INSERT
public.shipitsurveyquestion = SELECT, INSERT
-public.shipitsurveyanswer = SELECT, INSERT
public.shipitsurveyresult = SELECT, INSERT
public.shipment = SELECT, INSERT, UPDATE
public.shippingrequest = SELECT, INSERT, UPDATE, DELETE
public.shippingrun = SELECT, INSERT, UPDATE
+public.sourcepackageformatselection = SELECT
public.sourcepackagepublishinghistory = SELECT
-public.seriessourcepackagebranch = SELECT, INSERT, UPDATE, DELETE
-public.sourcepackageformatselection = SELECT
public.sourcepackagerecipe = SELECT, INSERT, UPDATE, DELETE
public.sourcepackagerecipebuild = SELECT, INSERT, UPDATE, DELETE
public.sourcepackagerecipebuildjob = SELECT, INSERT, UPDATE, DELETE
public.sourcepackagerecipedata = SELECT, INSERT, UPDATE, DELETE
+public.sourcepackagerecipedatainstruction = SELECT, INSERT, UPDATE, DELETE
public.sourcepackagerecipedistroseries = SELECT, INSERT, DELETE
-public.sourcepackagerecipedatainstruction = SELECT, INSERT, UPDATE, DELETE
+public.specification = SELECT, INSERT, UPDATE
public.specificationbranch = SELECT, INSERT, UPDATE, DELETE
public.specificationbug = SELECT, INSERT, DELETE
public.specificationdependency = SELECT, INSERT, DELETE
public.specificationfeedback = SELECT, INSERT, UPDATE, DELETE
public.specificationmessage = SELECT, INSERT
-public.specification = SELECT, INSERT, UPDATE
public.specificationsubscription = SELECT, INSERT, UPDATE, DELETE
public.spokenin = SELECT, INSERT, DELETE
+public.sprint = SELECT, INSERT, UPDATE
public.sprintattendance = SELECT, INSERT, UPDATE, DELETE
-public.sprint = SELECT, INSERT, UPDATE
public.sprintspecification = SELECT, INSERT, UPDATE, DELETE
public.standardshipitrequest = SELECT, INSERT, UPDATE, DELETE
public.staticdiff = SELECT, INSERT, UPDATE
public.structuralsubscription = SELECT, INSERT, UPDATE, DELETE
+public.subunitstream = SELECT, INSERT, UPDATE, DELETE
public.suggestivepotemplate = SELECT, INSERT, DELETE
-public.subunitstream = SELECT, INSERT, UPDATE, DELETE
public.temporaryblobstorage = SELECT, INSERT, DELETE
public.translationgroup = SELECT, INSERT, UPDATE
public.translationimportqueueentry = SELECT, INSERT, UPDATE, DELETE
public.translationmessage = SELECT, INSERT, UPDATE, DELETE
+public.translationrelicensingagreement = SELECT, INSERT, UPDATE
public.translationtemplatesbuild = SELECT, INSERT, UPDATE, DELETE
public.translator = SELECT, INSERT, UPDATE, DELETE
+public.usertouseremail = SELECT, INSERT, UPDATE
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
+public.vote = SELECT, INSERT, UPDATE
public.votecast = SELECT, INSERT
-public.vote = SELECT, INSERT, UPDATE
public.webserviceban = SELECT, INSERT, UPDATE, DELETE
public.wikiname = SELECT, INSERT, UPDATE, DELETE
-public.usertouseremail = SELECT, INSERT, UPDATE
+type=user
[launchpad]
-# This user exists for backwards compatibility - it is an alias to
-# lanunchpad_main. There are a number of users in production that
-# have been assigned this role that I don't want to recreate just now.
-type=user
groups=launchpad_main
+type=user
[script]
-# Permissions required by all scripts.
-type=group
public.scriptactivity = SELECT, INSERT
+type=group
[statistician]
-type=user
groups=script
public.archive = SELECT, UPDATE
public.archivearch = SELECT, UPDATE
+public.binarypackagebuild = SELECT
public.binarypackagename = SELECT
public.binarypackagepublishinghistory = SELECT
public.binarypackagerelease = SELECT
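Review bot: Sorting type= together with the public.* keys puts type=user for [launchpad_main] at the very end of the block, after public.wikiname, while groups=write,script stays at the top, so in a block this long the role's kind and its group membership can no longer be read together. Consider having the auditor emit type and groups first and alphabetize only the object permissions. The dropped [launchpad] comment saying the user exists for backwards compatibility also seems worth keeping in some form, since groups=launchpad_main alone does not say why the role exists.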
@@ -348,8 +330,6 @@
public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
public.bugtask = SELECT
public.buildfarmjob = SELECT
-public.packagebuild = SELECT
-public.binarypackagebuild = SELECT
public.distribution = SELECT
public.distributionsourcepackagecache = SELECT, INSERT, UPDATE, DELETE
public.distroarchseries = SELECT, UPDATE
@@ -358,13 +338,12 @@
public.distroseriespackagecache = SELECT, INSERT, UPDATE, DELETE
public.language = SELECT
public.launchpadstatistic = SELECT, INSERT, UPDATE, DELETE
+public.packagebuild = SELECT
public.person = SELECT
-public.validpersoncache = SELECT
-public.validpersonorteamcache = SELECT
-public.potemplate = SELECT
public.pofile = SELECT
public.pofiletranslator = SELECT
public.pomsgid = SELECT
+public.potemplate = SELECT
public.potmsgset = SELECT
public.product = SELECT
public.productseries = SELECT
@@ -376,46 +355,47 @@
public.subunitstream = SELECT
public.translationmessage = SELECT, INSERT, UPDATE
public.translationtemplateitem = SELECT
+public.validpersoncache = SELECT
+public.validpersonorteamcache = SELECT
+type=user
[librarian]
-type=user
public.libraryfilealias = SELECT, INSERT, UPDATE
public.libraryfilecontent = SELECT, INSERT
+type=user
[librarianlogparser]
-type=user
groups=script
public.country = SELECT
public.libraryfilealias = SELECT, UPDATE
public.libraryfiledownloadcount = SELECT, INSERT, UPDATE
public.parsedapachelog = SELECT, INSERT, UPDATE
+type=user
[librariangc]
-type=user
groups=script
public.apportjob = SELECT, DELETE
-public.job = SELECT, DELETE
-public.libraryfilealias = SELECT, UPDATE, DELETE
-public.libraryfilecontent = SELECT, UPDATE, DELETE
-# This user needs select on every table that references LibraryFileAlias
+public.binarypackagebuild = SELECT
public.binarypackagefile = SELECT
public.branchmergeproposal = SELECT
public.bugattachment = SELECT
public.buildfarmjob = SELECT
-public.packagebuild = SELECT
-public.binarypackagebuild = SELECT
public.codeimportresult = SELECT
public.diff = SELECT
public.distribution = SELECT
public.distributionmirror = SELECT
+public.hwsubmission = SELECT
+public.job = SELECT, DELETE
public.languagepack = SELECT
-public.hwsubmission = SELECT
+public.libraryfilealias = SELECT, UPDATE, DELETE
+public.libraryfilecontent = SELECT, UPDATE, DELETE
public.mergedirectivejob = SELECT
public.message = SELECT
+public.messageapproval = SELECT
public.messagechunk = SELECT
-public.messageapproval = SELECT
public.mirrorproberecord = SELECT
public.openidrpconfig = SELECT
+public.packagebuild = SELECT
public.packagediff = SELECT
public.packageupload = SELECT
public.packageuploadcustom = SELECT
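Review bot: In [librariangc] the removed line "# This user needs select on every table that references LibraryFileAlias" explained the long run of SELECT-only grants. With job, libraryfilealias and libraryfilecontent now interleaved alphabetically among them, nothing tells a reader which grants exist only for reference checking, or that a new referencing table needs an entry here. Suggest keeping that sentence, either directly under the section header or in the file header.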
@@ -426,37 +406,33 @@
public.product = SELECT
public.productreleasefile = SELECT
public.project = SELECT
-public.subunitstream = SELECT
public.shipitreport = SELECT
public.shippingrun = SELECT
+public.sourcepackagerecipebuild = SELECT
+public.sourcepackagerelease = SELECT
+public.sourcepackagereleasefile = SELECT
public.sprint = SELECT
-public.sourcepackagerelease = SELECT
-public.sourcepackagereleasefile = SELECT
-public.sourcepackagerecipebuild = SELECT
+public.subunitstream = SELECT
public.temporaryblobstorage = SELECT, DELETE
public.translationimportqueueentry = SELECT
+type=user
[productreleasefinder]
-# Dyson release import script
-type=user
groups=script
public.bug = SELECT
public.bugtask = SELECT, UPDATE
-public.product = SELECT
-public.productseries = SELECT
-public.productrelease = SELECT, INSERT, UPDATE
-public.productreleasefile = SELECT, INSERT, UPDATE
-# Needed only because SQLobject does things...
-public.person = SELECT
-# Needed to write to the librarian
public.libraryfilealias = SELECT, INSERT
public.libraryfilecontent = SELECT, INSERT
public.milestone = SELECT, INSERT
+public.person = SELECT
+public.product = SELECT
+public.productrelease = SELECT, INSERT, UPDATE
+public.productreleasefile = SELECT, INSERT, UPDATE
+public.productseries = SELECT
public.sourcepackagename = SELECT
+type=user
[pofilestats]
-# Translations POFile statistics verification/update script
-type=user
groups=script
public.language = SELECT
public.pofile = SELECT, UPDATE
@@ -464,18 +440,15 @@
public.potmsgset = SELECT
public.translationmessage = SELECT
public.translationtemplateitem = SELECT
+type=user
[pofilestats_daily]
-# Daily POFile statistics verification/update script
-type=user
groups=pofilestats
+public.distroseries = SELECT
public.productseries = SELECT
-public.distroseries = SELECT
-
+type=user
[poimport]
-# Rosetta import script
-type=user
groups=write,script
public.account = SELECT, INSERT
public.customlanguagecode = SELECT
@@ -486,14 +459,13 @@
public.translator = SELECT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
+type=user
[translations_distroseries_copy]
-type=user
groups=poimport
+type=user
[translations_import_queue_gardener]
-# Translations import queue management
-type=user
groups=script,translations_approval
public.karma = SELECT, INSERT, UPDATE
public.karmaaction = SELECT
@@ -501,10 +473,9 @@
public.translationimportqueueentry = SELECT, DELETE, UPDATE
public.translationmessage = SELECT, INSERT, UPDATE
public.validpersoncache = SELECT
+type=user
[poexport]
-# Rosetta export script
-type=user
groups=script
public.distribution = SELECT
public.distroseries = SELECT
@@ -530,10 +501,9 @@
public.translator = SELECT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
+type=user
[langpack]
-# Language pack exporter script
-type=user
groups=script
public.distribution = SELECT
public.distroseries = SELECT, UPDATE
@@ -559,15 +529,14 @@
public.translator = SELECT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
+type=user
[checkwatches]
-# Malone bug watch script
-type=user
groups=script
public.account = SELECT, INSERT
public.accountpassword = SELECT, INSERT
+public.answercontact = SELECT
public.archive = SELECT
-public.answercontact = SELECT
public.binarypackagebuild = SELECT
public.binarypackagename = SELECT
public.binarypackagepublishinghistory = SELECT
@@ -584,8 +553,8 @@
public.bugnotificationrecipient = SELECT, INSERT
public.bugsubscription = SELECT
public.bugsubscriptionfilter = SELECT
+public.bugsubscriptionfilterimportance = SELECT
public.bugsubscriptionfilterstatus = SELECT
-public.bugsubscriptionfilterimportance = SELECT
public.bugsubscriptionfiltertag = SELECT
public.bugtag = SELECT
public.bugtask = SELECT, INSERT, UPDATE
@@ -605,22 +574,22 @@
public.language = SELECT
public.libraryfilealias = SELECT, INSERT
public.libraryfilecontent = SELECT, INSERT
+public.message = SELECT, INSERT
public.messagechunk = SELECT, INSERT
-public.message = SELECT, INSERT
public.milestone = SELECT
public.packagebugsupervisor = SELECT
public.person = SELECT, INSERT, UPDATE
+public.personlanguage = SELECT
public.personsettings = SELECT, INSERT
-public.personlanguage = SELECT
public.product = SELECT, UPDATE
public.productseries = SELECT
public.project = SELECT, UPDATE
+public.question = SELECT
public.questionbug = SELECT
-public.question = SELECT
public.questionsubscription = SELECT
public.section = SELECT
+public.sourcepackagename = SELECT
public.sourcepackagepublishinghistory = SELECT
-public.sourcepackagename = SELECT
public.sourcepackagerelease = SELECT
public.structuralsubscription = SELECT
public.teammembership = SELECT
@@ -628,9 +597,9 @@
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
public.wikiname = SELECT, INSERT
+type=user
[branchscanner]
-type=user
groups=write, script
public.account = SELECT, INSERT
public.accountpassword = SELECT, INSERT
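Review bot: The context line groups=write, script in [branchscanner] has a space after the comma, while [launchpad_main] and [poimport] use groups=write,script. Since this branch normalizes the file anyway, it would be a good moment to make the group lists uniform so that a textual duplicate check or a grep treats them the same.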
@@ -641,18 +610,31 @@
public.branchrevision = SELECT, INSERT, UPDATE, DELETE
public.branchsubscription = SELECT
public.branchvisibilitypolicy = SELECT
+public.bugactivity = SELECT, INSERT
+public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
public.bugbranch = SELECT, INSERT, UPDATE
+public.bugnotification = SELECT, INSERT
+public.bugnotificationfilter = SELECT, INSERT
+public.bugnotificationrecipient = SELECT, INSERT
+public.bugsubscription = SELECT
+public.bugsubscriptionfilter = SELECT
+public.bugsubscriptionfilterimportance = SELECT
+public.bugsubscriptionfilterstatus = SELECT
+public.bugsubscriptionfiltertag = SELECT
+public.bugtag = SELECT
+public.codereviewmessage = SELECT
+public.codereviewvote = SELECT
public.diff = SELECT, INSERT, DELETE
-public.distroseries = SELECT
public.distribution = SELECT
public.distributionsourcepackage = SELECT, UPDATE
+public.distroseries = SELECT
public.emailaddress = SELECT
public.incrementaldiff = SELECT
public.job = SELECT, INSERT, UPDATE, DELETE
-public.translationtemplatesbuild = SELECT, INSERT
-# Karma
public.karma = SELECT, INSERT
public.karmaaction = SELECT
+public.message = SELECT, INSERT
+public.messagechunk = SELECT, INSERT
public.person = SELECT
public.revision = SELECT, INSERT, UPDATE
public.revisionauthor = SELECT, INSERT, UPDATE
@@ -665,29 +647,13 @@
public.sourcepackagerecipedata = SELECT
public.sourcepackagerecipedatainstruction = SELECT
public.staticdiff = SELECT, INSERT, DELETE
+public.structuralsubscription = SELECT
+public.translationtemplatesbuild = SELECT, INSERT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
-# Bug notifications
-public.bugactivity = SELECT, INSERT
-public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
-public.bugsubscription = SELECT
-public.bugsubscriptionfilter = SELECT
-public.bugsubscriptionfilterstatus = SELECT
-public.bugsubscriptionfilterimportance = SELECT
-public.bugsubscriptionfiltertag = SELECT
-public.bugnotification = SELECT, INSERT
-public.bugnotificationfilter = SELECT, INSERT
-public.bugnotificationrecipient = SELECT, INSERT
-public.bugtag = SELECT
-public.structuralsubscription = SELECT
-public.message = SELECT, INSERT
-public.messagechunk = SELECT, INSERT
-# Merge notifications
-public.codereviewvote = SELECT
-public.codereviewmessage = SELECT
+type=user
[branch-distro]
-type=user
public.branch = SELECT, INSERT, UPDATE
public.branchrevision = SELECT, INSERT
public.branchsubscription = SELECT, INSERT
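Review bot: the "# Bug notifications" and "# Merge notifications" headings removed in this hunk were the only record of why this role holds the grants listed under them (for example INSERT on public.bugnotification and public.message). Once those lines are folded into the alphabetical list, nothing in the file says which grants exist only for sending notifications, so they cannot be withdrawn with confidence if that code path goes away. Suggest recording the feature-to-table mapping in the file header comments, or having the auditor carry a trailing "# reason" along with each setting when it sorts.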
@@ -702,38 +668,37 @@
public.sourcepackagename = SELECT
public.teamparticipation = SELECT
public.validpersoncache = SELECT
-
+type=user
[targetnamecacheupdater]
-type=user
groups=script
+public.binarypackagename = SELECT
public.bugtask = SELECT, UPDATE
-public.product = SELECT
-public.productseries = SELECT
public.distribution = SELECT
public.distroseries = SELECT
-public.sourcepackagename = SELECT
-public.binarypackagename = SELECT
public.potemplate = SELECT, UPDATE
+public.product = SELECT
+public.productseries = SELECT
+public.sourcepackagename = SELECT
+type=user
[distributionmirror]
-type=user
groups=script
public.account = SELECT
public.archive = SELECT
public.archivearch = SELECT
+public.binarypackagebuild = SELECT
public.binarypackagefile = SELECT
public.binarypackagename = SELECT
+public.binarypackagepublishinghistory = SELECT
public.binarypackagerelease = SELECT
public.buildfarmjob = SELECT
-public.packagebuild = SELECT
-public.binarypackagebuild = SELECT
public.component = SELECT
public.componentselection = SELECT
public.distribution = SELECT
public.distributionmirror = SELECT, UPDATE
+public.distroarchseries = SELECT
public.distroseries = SELECT
-public.distroarchseries = SELECT
public.emailaddress = SELECT
public.libraryfilealias = SELECT, INSERT
public.libraryfilecontent = SELECT, INSERT
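Review bot: after sorting, "type=user" becomes the last line of each block and sits directly above the next section header (above [targetnamecacheupdater] and [distributionmirror] here), while "groups=script" stays on the first line, and the blank line that used to separate the blocks is removed. Read top to bottom, the role type now appears to belong to the section that follows it. Suggest the auditor sort only the "public.*" lines, keep "type" and "groups" together at the top of the block, and emit a blank line before each section header.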
@@ -741,77 +706,74 @@
public.mirrordistroarchseries = SELECT, UPDATE, DELETE, INSERT
public.mirrordistroseriessource = SELECT, UPDATE, DELETE, INSERT
public.mirrorproberecord = SELECT, INSERT
+public.packagebuild = SELECT
public.person = SELECT
public.processorfamily = SELECT
+public.sourcepackagename = SELECT
public.sourcepackagepublishinghistory = SELECT
-public.binarypackagepublishinghistory = SELECT
public.sourcepackagerelease = SELECT
public.sourcepackagereleasefile = SELECT
-public.sourcepackagename = SELECT
public.teammembership = SELECT
+type=user
[teammembership]
-# Update the TeamMembership table setting expired members
-type=user
groups=script
+public.emailaddress = SELECT
+public.job = SELECT, INSERT
+public.person = SELECT
+public.persontransferjob = SELECT, INSERT
public.teammembership = SELECT, UPDATE
public.teamparticipation = SELECT, DELETE
-public.person = SELECT
-public.emailaddress = SELECT
-public.job = SELECT, INSERT
-public.persontransferjob = SELECT, INSERT
+type=user
[karma]
-# Update the KarmaCache table
-type=user
groups=script
+public.emailaddress = SELECT
+public.karma = SELECT
+public.karmaaction = SELECT
public.karmacache = SELECT, INSERT, UPDATE, DELETE
-public.karma = SELECT
public.karmacategory = SELECT
-public.karmaaction = SELECT
public.karmatotalcache = SELECT, INSERT, UPDATE, DELETE
-public.emailaddress = SELECT
public.person = SELECT
public.product = SELECT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
+type=user
[request-daily-builds]
-type=user
groups=script
public.archive = SELECT
public.archivepermission = SELECT
-public.buildqueue = SELECT, INSERT, UPDATE
public.branch = SELECT
public.buildfarmjob = SELECT, INSERT
+public.buildqueue = SELECT, INSERT, UPDATE
public.component = SELECT
public.distribution = SELECT
+public.distroarchseries = SELECT
public.distroseries = SELECT
-public.distroarchseries = SELECT
public.job = SELECT, INSERT
+public.packagebuild = SELECT, INSERT
public.person = SELECT
-public.packagebuild = SELECT, INSERT
public.processor = SELECT
public.processorfamily = SELECT
+public.sourcepackagename = SELECT
public.sourcepackagerecipe = SELECT, UPDATE
-public.sourcepackagename = SELECT
public.sourcepackagerecipebuild = SELECT, INSERT
public.sourcepackagerecipebuildjob = SELECT, INSERT
public.sourcepackagerecipedata = SELECT
public.sourcepackagerecipedistroseries = SELECT
public.teamparticipation = SELECT
+type=user
[revisionkarma]
-# Allocate karma for revisions.
-type=user
groups=script
public.branch = SELECT
public.branchrevision = SELECT
public.distribution = SELECT
public.distroseries = SELECT
public.karma = SELECT, INSERT
+public.karmaaction = SELECT
public.karmacategory = SELECT
-public.karmaaction = SELECT
public.person = SELECT
public.product = SELECT
public.productseries = SELECT
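Review bot: the one-line descriptions under [teammembership], [karma] and [revisionkarma] ("# Update the TeamMembership table setting expired members", "# Update the KarmaCache table", "# Allocate karma for revisions.") are dropped and not replaced. They state what each database role is for, which is what a reviewer checks a new grant against. Suggest keeping one purpose line per role, either in the new header comments or by having the auditor preserve a comment that immediately follows a section header.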
@@ -819,163 +781,158 @@
public.revisionauthor = SELECT
public.sourcepackagename = SELECT
public.validpersoncache = SELECT
+type=user
[cve]
-type=user
groups=script
public.cve = SELECT, INSERT, UPDATE
public.cvereference = SELECT, INSERT, UPDATE, DELETE
-
+type=user
[gina]
-# Unpack sourcepackages and extract metadata
-type=user
groups=write,script
public.account = SELECT, INSERT
public.accountpassword = SELECT, INSERT
public.archive = SELECT, UPDATE
public.archivearch = SELECT, UPDATE
+public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE
public.distribution = SELECT
public.distributionjob = SELECT, INSERT
public.distributionsourcepackage = SELECT, INSERT
public.packagediff = SELECT, INSERT, UPDATE
-public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE
public.sourcepackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE
+type=user
[archivepublisher]
-type=user
groups=write,script
+public.answercontact = SELECT
public.archive = SELECT, UPDATE
public.archivearch = SELECT
public.archiveauthtoken = SELECT, UPDATE
public.archivepermission = SELECT, INSERT
public.archivesubscriber = SELECT, UPDATE
+public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE
+public.bug = SELECT, UPDATE
+public.bugactivity = SELECT, INSERT
+public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
+public.bugcve = SELECT, INSERT
+public.bugmessage = SELECT, INSERT
+public.bugnomination = SELECT
+public.bugnotification = SELECT, INSERT
+public.bugnotificationfilter = SELECT, INSERT
+public.bugnotificationrecipient = SELECT, INSERT
+public.bugsubscription = SELECT
+public.bugsubscriptionfilter = SELECT
+public.bugsubscriptionfilterimportance = SELECT
+public.bugsubscriptionfilterstatus = SELECT
+public.bugsubscriptionfiltertag = SELECT
+public.bugtag = SELECT
+public.bugtask = SELECT, UPDATE
+public.bugtracker = SELECT, INSERT
+public.bugtrackeralias = SELECT, INSERT
+public.bugwatch = SELECT, INSERT
+public.cve = SELECT, INSERT
public.distributionjob = SELECT, INSERT
+public.distributionsourcepackage = SELECT, INSERT, UPDATE
+public.flatpackagesetinclusion = SELECT, INSERT, UPDATE, DELETE
public.gpgkey = SELECT, INSERT, UPDATE
+public.karma = SELECT, INSERT
+public.karmaaction = SELECT
+public.language = SELECT
+public.message = SELECT, INSERT
+public.messagechunk = SELECT, INSERT
+public.milestone = SELECT
+public.packagebugsupervisor = SELECT
public.packagecopyrequest = SELECT, INSERT, UPDATE
public.packagediff = SELECT, INSERT, UPDATE
public.packageset = SELECT, INSERT
public.packagesetgroup = SELECT
+public.packagesetinclusion = SELECT, INSERT, UPDATE, DELETE
public.packagesetsources = SELECT, INSERT, UPDATE, DELETE
-public.packagesetinclusion = SELECT, INSERT, UPDATE, DELETE
-# INSERT for publisherconfig only required for the test suite.
+public.personlanguage = SELECT
+public.product = SELECT
+public.productseries = SELECT
+public.project = SELECT
public.publisherconfig = SELECT, INSERT
-public.flatpackagesetinclusion = SELECT, INSERT, UPDATE, DELETE
-public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE
+public.question = SELECT
+public.questionbug = SELECT
+public.questionsubscription = SELECT
public.sourcepackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE
-public.distributionsourcepackage = SELECT, INSERT, UPDATE
-
-# Closing bugs for publication copies.
-public.bug = SELECT, UPDATE
-public.bugactivity = SELECT, INSERT
-public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
-public.bugsubscription = SELECT
-public.bugsubscriptionfilter = SELECT
-public.bugsubscriptionfilterstatus = SELECT
-public.bugsubscriptionfilterimportance = SELECT
-public.bugsubscriptionfiltertag = SELECT
-public.bugnotification = SELECT, INSERT
-public.bugnotificationfilter = SELECT, INSERT
-public.bugnotificationrecipient = SELECT, INSERT
-public.bugnomination = SELECT
-public.bugtag = SELECT
-public.bugtask = SELECT, UPDATE
-public.product = SELECT
-public.project = SELECT
-public.bugmessage = SELECT, INSERT
-public.message = SELECT, INSERT
-public.messagechunk = SELECT, INSERT
-public.productseries = SELECT
+public.structuralsubscription = SELECT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
-public.karmaaction = SELECT
-public.karma = SELECT, INSERT
-public.questionbug = SELECT
-public.question = SELECT
-public.packagebugsupervisor = SELECT
-public.milestone = SELECT
-public.bugwatch = SELECT, INSERT
-public.bugtracker = SELECT, INSERT
-public.bugtrackeralias = SELECT, INSERT
-public.cve = SELECT, INSERT
-public.bugcve = SELECT, INSERT
-public.language = SELECT
-public.questionsubscription = SELECT
-public.answercontact = SELECT
-public.personlanguage = SELECT
-public.structuralsubscription = SELECT
+type=user
[fiera]
-type=user
groups=script,translations_approval
public.account = SELECT
public.archive = SELECT, UPDATE
public.archivearch = SELECT, UPDATE
public.archivedependency = SELECT
+public.binarypackagebuild = SELECT, INSERT, UPDATE
+public.binarypackagefile = SELECT
+public.binarypackagename = SELECT
+public.binarypackagepublishinghistory = SELECT
+public.binarypackagerelease = SELECT
public.branch = SELECT
public.branchjob = SELECT, DELETE
-public.buildqueue = SELECT, INSERT, UPDATE, DELETE
-public.job = SELECT, INSERT, UPDATE, DELETE
-public.buildpackagejob = SELECT, INSERT, UPDATE, DELETE
public.builder = SELECT, INSERT, UPDATE
public.buildfarmjob = SELECT, INSERT, UPDATE
-public.packagebuild = SELECT, INSERT, UPDATE
-public.binarypackagebuild = SELECT, INSERT, UPDATE
+public.buildpackagejob = SELECT, INSERT, UPDATE, DELETE
+public.buildqueue = SELECT, INSERT, UPDATE, DELETE
+public.component = SELECT
public.distribution = SELECT, UPDATE
-public.distroseries = SELECT, UPDATE
public.distroarchseries = SELECT, UPDATE
-public.sourcepackagepublishinghistory = SELECT
-public.sourcepackagerelease = SELECT
-public.sourcepackagereleasefile = SELECT
-public.sourcepackagename = SELECT
-public.binarypackagepublishinghistory = SELECT
-public.binarypackagerelease = SELECT
-public.binarypackagefile = SELECT
-public.binarypackagename = SELECT
+public.distroseries = SELECT, UPDATE
+public.emailaddress = SELECT
+public.flatpackagesetinclusion = SELECT
+public.gpgkey = SELECT
+public.job = SELECT, INSERT, UPDATE, DELETE
public.libraryfilealias = SELECT, INSERT
public.libraryfilecontent = SELECT, INSERT
-public.processor = SELECT
-public.processorfamily = SELECT
+public.packagebuild = SELECT, INSERT, UPDATE
+public.packageset = SELECT
+public.packagesetgroup = SELECT
+public.packagesetinclusion = SELECT
+public.packagesetsources = SELECT
+public.person = SELECT
public.pocketchroot = SELECT, INSERT, UPDATE
+public.processor = SELECT
+public.processorfamily = SELECT
public.product = SELECT
public.productseries = SELECT
+public.publisherconfig = SELECT
+public.section = SELECT
public.seriessourcepackagebranch = SELECT
-public.component = SELECT
-public.section = SELECT
+public.sourcepackagename = SELECT
+public.sourcepackagepublishinghistory = SELECT
public.sourcepackagerecipe = SELECT
public.sourcepackagerecipebuild = SELECT, UPDATE
public.sourcepackagerecipebuildjob = SELECT, INSERT, UPDATE, DELETE
public.sourcepackagerecipedata = SELECT
public.sourcepackagerecipedatainstruction = SELECT
-public.person = SELECT
-public.emailaddress = SELECT
+public.sourcepackagerelease = SELECT
+public.sourcepackagereleasefile = SELECT
public.teammembership = SELECT
-public.gpgkey = SELECT
-public.packageset = SELECT
-public.packagesetgroup = SELECT
-public.packagesetsources = SELECT
-public.packagesetinclusion = SELECT
-public.flatpackagesetinclusion = SELECT
public.teamparticipation = SELECT
public.translationimportqueueentry = SELECT, INSERT, UPDATE
public.translationtemplatesbuild = SELECT, INSERT
-public.publisherconfig = SELECT
+type=user
[ppa-apache-log-parser]
-type=user
groups=script
-public.person = SELECT
public.archive = SELECT
+public.binarypackagefile = SELECT
public.binarypackagepublishinghistory = SELECT
public.binarypackagerelease = SELECT
-public.binarypackagefile = SELECT
-public.libraryfilealias = SELECT
public.binarypackagereleasedownloadcount = SELECT, INSERT, UPDATE
public.country = SELECT
+public.libraryfilealias = SELECT
public.parsedapachelog = SELECT, INSERT, UPDATE
+public.person = SELECT
+type=user
[initialisedistroseries]
-type=user
groups=script
public.archive = SELECT
public.archivepermission = SELECT, INSERT
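Review bot: in [archivepublisher] the comment "# INSERT for publisherconfig only required for the test suite." is removed while "public.publisherconfig = SELECT, INSERT" is kept unchanged, so the file no longer records that this INSERT is wider than production needs. Please move that note into the header comments or keep it next to the setting, so the grant can still be identified and narrowed later. The same applies to "# Closing bugs for publication copies.", which was the only marker for why this role can UPDATE public.bug and public.bugtask.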
@@ -1014,9 +971,9 @@
public.sourcepackagepublishinghistory = SELECT, INSERT
public.sourcepackagerelease = SELECT
public.sourcepackagereleasefile = SELECT
+type=user
[sync_packages]
-type=user
groups=script
public.archive = SELECT
public.archivepermission = SELECT, INSERT
@@ -1057,9 +1014,9 @@
public.sourcepackagepublishinghistory = SELECT, INSERT
public.sourcepackagerelease = SELECT
public.sourcepackagereleasefile = SELECT, INSERT, UPDATE
+type=user
[distroseriesdifferencejob]
-type=user
groups=script
public.archive = SELECT
public.distribution = SELECT
@@ -1074,21 +1031,20 @@
public.sourcepackagename = SELECT
public.sourcepackagepublishinghistory = SELECT
public.sourcepackagerelease = SELECT
+type=user
[write]
-type=group
-# Full access except for tables that are exclusively updated by
-# certain processes, such as the librarian tables. This group is deprecated -
-# access should be explicitly granted to users.
public.account = SELECT, INSERT, UPDATE
public.accountpassword = SELECT, INSERT
public.archive = SELECT, INSERT, UPDATE
+public.archivearch = SELECT, INSERT, UPDATE, DELETE
public.archivejob = SELECT, INSERT
-public.archivearch = SELECT, INSERT, UPDATE, DELETE
-public.binarypackagerelease = SELECT, INSERT, UPDATE
+public.binarypackagebuild = SELECT, INSERT, UPDATE
public.binarypackagefile = SELECT, INSERT, UPDATE
public.binarypackagefilepublishing = SELECT, INSERT, UPDATE
public.binarypackagename = SELECT, INSERT, UPDATE
+public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE
+public.binarypackagerelease = SELECT, INSERT, UPDATE
public.bounty = SELECT, INSERT, UPDATE
public.bountymessage = SELECT, INSERT
public.branch = SELECT, INSERT, UPDATE
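Review bot: the comment block removed under [write] includes "This group is deprecated - access should be explicitly granted to users." With that gone, nothing tells a developer not to add new grants to this broad group. Please keep the deprecation notice, for instance in the header comments added by this branch, before this lands. Also note that the added "type=user" line directly above [write] belongs to the preceding role, while [write] itself is "type=group", which is easy to misread in the new layout.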
@@ -1102,35 +1058,29 @@
public.bugproductinfestation = SELECT, INSERT, UPDATE
public.bugsubscription = SELECT, INSERT, UPDATE, DELETE
public.bugsubscriptionfilter = SELECT, INSERT, UPDATE, DELETE
+public.bugsubscriptionfilterimportance = SELECT, INSERT, UPDATE, DELETE
public.bugsubscriptionfilterstatus = SELECT, INSERT, UPDATE, DELETE
-public.bugsubscriptionfilterimportance = SELECT, INSERT, UPDATE, DELETE
public.bugsubscriptionfiltertag = SELECT, INSERT, UPDATE, DELETE
public.bugtask = SELECT, INSERT, UPDATE, DELETE
public.bugtracker = SELECT, INSERT, UPDATE, DELETE
public.bugtrackeralias = SELECT, INSERT, UPDATE, DELETE
public.bugwatch = SELECT, INSERT, UPDATE, DELETE
-public.buildfarmjob = SELECT, INSERT, UPDATE
-public.packagebuild = SELECT, INSERT, UPDATE
-public.binarypackagebuild = SELECT, INSERT, UPDATE
public.builder = SELECT, INSERT, UPDATE
+public.buildfarmjob = SELECT, INSERT, UPDATE
+public.buildpackagejob = SELECT, INSERT, UPDATE, DELETE
public.buildqueue = SELECT, INSERT, UPDATE, DELETE
-public.job = SELECT, INSERT, UPDATE, DELETE
-public.buildpackagejob = SELECT, INSERT, UPDATE, DELETE
public.component = SELECT, INSERT, UPDATE
public.componentselection = SELECT, INSERT, UPDATE
public.country = SELECT, INSERT, UPDATE
public.distribution = SELECT, INSERT, UPDATE
public.distroarchseries = SELECT, INSERT, UPDATE
+public.distrocomponentuploader = SELECT, INSERT, UPDATE
public.distroseries = SELECT, INSERT, UPDATE
-public.openidrpsummary = SELECT, INSERT, UPDATE
-public.packageupload = SELECT, INSERT, UPDATE
-public.packageuploadbuild = SELECT, INSERT, UPDATE
-public.packageuploadsource = SELECT, INSERT, UPDATE
-public.packageuploadcustom = SELECT, INSERT, UPDATE
-public.distrocomponentuploader = SELECT, INSERT, UPDATE
public.emailaddress = SELECT, INSERT, UPDATE
+public.gpgkey = SELECT, INSERT, UPDATE, DELETE
public.ircid = SELECT, INSERT, UPDATE, DELETE
public.jabberid = SELECT, INSERT, UPDATE, DELETE
+public.job = SELECT, INSERT, UPDATE, DELETE
public.karma = SELECT, INSERT, UPDATE
public.karmaaction = SELECT, INSERT, UPDATE
public.language = SELECT, INSERT, UPDATE
@@ -1138,18 +1088,22 @@
public.libraryfilealias = SELECT, INSERT
public.libraryfilecontent = SELECT, INSERT
public.logintoken = SELECT, INSERT, UPDATE
+public.message = SELECT, INSERT, UPDATE
+public.milestone = SELECT, INSERT, UPDATE
public.mirror = SELECT, INSERT, UPDATE, DELETE
public.mirrorcontent = SELECT, INSERT, UPDATE, DELETE
public.mirrorsourcecontent = SELECT, INSERT, UPDATE, DELETE
-public.teammembership = SELECT, INSERT, UPDATE, DELETE
-public.message = SELECT, INSERT, UPDATE
-public.milestone = SELECT, INSERT, UPDATE
-public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE, DELETE
+public.openidrpsummary = SELECT, INSERT, UPDATE
+public.packagebuild = SELECT, INSERT, UPDATE
public.packageselection = SELECT, INSERT, UPDATE
+public.packageupload = SELECT, INSERT, UPDATE
+public.packageuploadbuild = SELECT, INSERT, UPDATE
+public.packageuploadcustom = SELECT, INSERT, UPDATE
+public.packageuploadsource = SELECT, INSERT, UPDATE
public.packaging = SELECT, INSERT, UPDATE
public.person = SELECT, INSERT, UPDATE
-public.personsettings = SELECT, INSERT, UPDATE
public.personlanguage = SELECT, INSERT, UPDATE
+public.personsettings = SELECT, INSERT, UPDATE
public.pocketchroot = SELECT, INSERT, UPDATE
public.pocomment = SELECT, INSERT, UPDATE
public.pofile = SELECT, INSERT, UPDATE
@@ -1162,8 +1116,8 @@
public.processor = SELECT, INSERT, UPDATE
public.processorfamily = SELECT, INSERT, UPDATE
public.product = SELECT, INSERT, UPDATE
+public.productcvsmodule = SELECT, INSERT, UPDATE
public.productlicense = SELECT, INSERT, UPDATE, DELETE
-public.productcvsmodule = SELECT, INSERT, UPDATE
public.productrelease = SELECT, INSERT, UPDATE
public.productreleasefile = SELECT, INSERT, UPDATE
public.productseries = SELECT, INSERT, UPDATE
@@ -1181,15 +1135,15 @@
public.sourcepackagerelease = SELECT, INSERT, UPDATE
public.sourcepackagereleasefile = SELECT, INSERT, UPDATE
public.spokenin = SELECT, INSERT, UPDATE
-public.gpgkey = SELECT, INSERT, UPDATE, DELETE
public.sshkey = SELECT, INSERT, UPDATE, DELETE
+public.teammembership = SELECT, INSERT, UPDATE, DELETE
public.teamparticipation = SELECT, INSERT, UPDATE, DELETE
public.translationimportqueueentry = SELECT, INSERT, UPDATE, DELETE
public.translationtemplateitem = SELECT, INSERT, UPDATE, DELETE
public.wikiname = SELECT, INSERT, UPDATE, DELETE
+type=group
[shipit]
-type=user
groups=script
public.account = SELECT
public.continent = SELECT
@@ -1207,10 +1161,9 @@
public.standardshipitrequest = SELECT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
+type=user
[standingupdater]
-# For the personal standing updater cron script.
-type=user
groups=script
public.emailaddress = SELECT
public.mailinglist = SELECT
@@ -1218,10 +1171,9 @@
public.messageapproval = SELECT
public.person = SELECT, UPDATE
public.teamparticipation = SELECT
+type=user
[answertracker]
-# User running expire-questions.py
-type=user
groups=script
public.account = SELECT, INSERT
public.accountpassword = SELECT, INSERT
@@ -1230,8 +1182,8 @@
public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
public.bugtask = SELECT
public.distribution = SELECT
+public.emailaddress = SELECT
public.faq = SELECT
-public.emailaddress = SELECT
public.language = SELECT
public.message = SELECT, INSERT
public.messagechunk = SELECT, INSERT
@@ -1246,338 +1198,298 @@
public.teammembership = SELECT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
+type=user
[uploader]
-type=user
groups=script,uploading
+type=user
[uploading]
-type=group
-# Everything is keyed off an archive
+public.account = SELECT, INSERT
+public.accountpassword = SELECT, INSERT
+public.answercontact = SELECT
public.archive = SELECT, INSERT, UPDATE
public.archivearch = SELECT, INSERT, UPDATE
-public.packageset = SELECT
-public.packagesetgroup = SELECT
-public.packagesetsources = SELECT
-public.packagesetinclusion = SELECT
-public.flatpackagesetinclusion = SELECT
-
-# This block is granted insert in order to be able to create maintainers
-# on the fly when we encounter them.
-public.account = SELECT, INSERT
-public.accountpassword = SELECT, INSERT
-public.person = SELECT, INSERT, UPDATE
-public.personsettings = SELECT, INSERT
-public.emailaddress = SELECT, INSERT, UPDATE
-public.teamparticipation = SELECT, INSERT
-public.teammembership = SELECT
-public.wikiname = SELECT, INSERT
-public.validpersoncache = SELECT
-public.validpersonorteamcache = SELECT
-
-# I didn't want to give it INSERT and if someone can fix the gpg-coc story
-# So that it works with my key in place then nascentupload.txt won't have
-# to insert it.
-public.gpgkey = SELECT, INSERT
-public.signedcodeofconduct = SELECT
-public.distribution = SELECT, UPDATE
-public.distributionjob = SELECT, INSERT
-public.distroseries = SELECT, UPDATE
-public.distroarchseries = SELECT
-public.sourcepackagepublishinghistory = SELECT, INSERT
-public.distributionsourcepackage = SELECT, INSERT, UPDATE
-public.sourcepackagefilepublishing = SELECT
+public.archivepermission = SELECT
+public.binarypackagebuild = SELECT, INSERT, UPDATE
+public.binarypackagefile = SELECT, INSERT
public.binarypackagefilepublishing = SELECT
-public.binarypackagepublishinghistory = SELECT
-public.component = SELECT, INSERT
-public.section = SELECT, INSERT
-public.componentselection = SELECT
-public.sectionselection = SELECT
-public.distrocomponentuploader = SELECT
-public.archivepermission = SELECT
-public.processor = SELECT
-public.processorfamily = SELECT
-public.sourcepackageformatselection = SELECT
-
-# Source and Binary packages and builds
-public.sourcepackagename = SELECT, INSERT
-public.sourcepackagerelease = SELECT, INSERT, UPDATE
public.binarypackagename = SELECT, INSERT
+public.binarypackagepublishinghistory = SELECT
public.binarypackagerelease = SELECT, INSERT
-public.sourcepackagereleasefile = SELECT, INSERT
-public.binarypackagefile = SELECT, INSERT
-public.pocketchroot = SELECT
-public.buildfarmjob = SELECT, INSERT, UPDATE
-public.packagebuild = SELECT, INSERT, UPDATE
-public.binarypackagebuild = SELECT, INSERT, UPDATE
-public.sourcepackagerecipebuild = SELECT, UPDATE
-public.sourcepackagerecipebuildjob = SELECT, UPDATE
-public.sourcepackagerecipe = SELECT, UPDATE
-public.buildqueue = SELECT, INSERT, UPDATE
+public.bug = SELECT, UPDATE
+public.bugactivity = SELECT, INSERT
+public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
+public.bugcve = SELECT, INSERT
+public.bugjob = SELECT, INSERT
+public.bugmessage = SELECT, INSERT
+public.bugnomination = SELECT
+public.bugnotification = SELECT, INSERT
+public.bugnotificationfilter = SELECT, INSERT
+public.bugnotificationrecipient = SELECT, INSERT
+public.bugsubscription = SELECT
+public.bugsubscriptionfilter = SELECT
+public.bugsubscriptionfilterimportance = SELECT
+public.bugsubscriptionfilterstatus = SELECT
+public.bugsubscriptionfiltertag = SELECT
+public.bugtag = SELECT
+public.bugtask = SELECT, UPDATE
+public.bugtracker = SELECT, INSERT
+public.bugtrackeralias = SELECT, INSERT
+public.bugwatch = SELECT, INSERT
public.builder = SELECT
+public.buildfarmjob = SELECT, INSERT, UPDATE
+public.buildpackagejob = SELECT, INSERT, UPDATE
+public.buildqueue = SELECT, INSERT, UPDATE
+public.component = SELECT, INSERT
+public.componentselection = SELECT
+public.cve = SELECT, INSERT
+public.distribution = SELECT, UPDATE
+public.distributionjob = SELECT, INSERT
+public.distributionsourcepackage = SELECT, INSERT, UPDATE
+public.distroarchseries = SELECT
+public.distrocomponentuploader = SELECT
+public.distroseries = SELECT, UPDATE
+public.emailaddress = SELECT, INSERT, UPDATE
+public.flatpackagesetinclusion = SELECT
+public.gpgkey = SELECT, INSERT
public.job = SELECT, INSERT, UPDATE
-public.buildpackagejob = SELECT, INSERT, UPDATE
-
-# Thusly the librarian
+public.karma = SELECT, INSERT
+public.karmaaction = SELECT
+public.language = SELECT
+public.libraryfilealias = SELECT, INSERT
public.libraryfilecontent = SELECT, INSERT
-public.libraryfilealias = SELECT, INSERT
-
-# The queue
+public.message = SELECT, INSERT
+public.messagechunk = SELECT, INSERT
+public.milestone = SELECT
+public.packagebugsupervisor = SELECT
+public.packagebuild = SELECT, INSERT, UPDATE
+public.packagediff = SELECT, INSERT, UPDATE, DELETE
+public.packageset = SELECT
+public.packagesetgroup = SELECT
+public.packagesetinclusion = SELECT
+public.packagesetsources = SELECT
public.packageupload = SELECT, INSERT, UPDATE
-public.packageuploadsource = SELECT, INSERT
public.packageuploadbuild = SELECT, INSERT
public.packageuploadcustom = SELECT, INSERT
-
-# Closing bugs for premature source-only publication
-public.bug = SELECT, UPDATE
-public.bugactivity = SELECT, INSERT
-public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
-public.bugjob = SELECT, INSERT
-public.bugsubscription = SELECT
-public.bugsubscriptionfilter = SELECT
-public.bugsubscriptionfilterstatus = SELECT
-public.bugsubscriptionfilterimportance = SELECT
-public.bugsubscriptionfiltertag = SELECT
-public.bugnotification = SELECT, INSERT
-public.bugnotificationfilter = SELECT, INSERT
-public.bugnotificationrecipient = SELECT, INSERT
-public.bugnomination = SELECT
-public.bugtag = SELECT
-public.bugtask = SELECT, UPDATE
+public.packageuploadsource = SELECT, INSERT
+public.person = SELECT, INSERT, UPDATE
+public.personlanguage = SELECT
+public.personsettings = SELECT, INSERT
+public.pocketchroot = SELECT
+public.processor = SELECT
+public.processorfamily = SELECT
public.product = SELECT, UPDATE
+public.productseries = SELECT
public.project = SELECT, UPDATE
-public.bugmessage = SELECT, INSERT
-public.message = SELECT, INSERT
-public.messagechunk = SELECT, INSERT
-public.productseries = SELECT
-public.karmaaction = SELECT
-public.karma = SELECT, INSERT
+public.question = SELECT
public.questionbug = SELECT
-public.question = SELECT
-public.packagebugsupervisor = SELECT
-public.milestone = SELECT
-public.bugwatch = SELECT, INSERT
-public.bugtracker = SELECT, INSERT
-public.bugtrackeralias = SELECT, INSERT
-public.cve = SELECT, INSERT
-public.bugcve = SELECT, INSERT
-public.language = SELECT
public.questionsubscription = SELECT
-public.answercontact = SELECT
-public.personlanguage = SELECT
+public.section = SELECT, INSERT
+public.sectionselection = SELECT
+public.signedcodeofconduct = SELECT
+public.sourcepackagefilepublishing = SELECT
+public.sourcepackageformatselection = SELECT
+public.sourcepackagename = SELECT, INSERT
+public.sourcepackagepublishinghistory = SELECT, INSERT
+public.sourcepackagerecipe = SELECT, UPDATE
+public.sourcepackagerecipebuild = SELECT, UPDATE
+public.sourcepackagerecipebuildjob = SELECT, UPDATE
+public.sourcepackagerelease = SELECT, INSERT, UPDATE
+public.sourcepackagereleasefile = SELECT, INSERT
public.structuralsubscription = SELECT
-
-# Diffing against ancestry and maintenance tasks.
-public.packagediff = SELECT, INSERT, UPDATE, DELETE
+public.teammembership = SELECT
+public.teamparticipation = SELECT, INSERT
+public.validpersoncache = SELECT
+public.validpersonorteamcache = SELECT
+public.wikiname = SELECT, INSERT
+type=group
[queued]
-type=user
groups=script
-# Announce handling
public.account = SELECT, INSERT
+public.answercontact = SELECT
+public.archive = SELECT, UPDATE
+public.archivearch = SELECT, UPDATE
+public.archivepermission = SELECT
+public.binarypackagebuild = SELECT, INSERT, UPDATE
+public.binarypackagefile = SELECT, UPDATE
+public.binarypackagefilepublishing = SELECT
+public.binarypackagename = SELECT
+public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE
+public.binarypackagerelease = SELECT, UPDATE
+public.bug = SELECT, UPDATE
+public.bugactivity = SELECT, INSERT
+public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
+public.bugcve = SELECT, INSERT
+public.bugjob = SELECT, INSERT
+public.bugmessage = SELECT, INSERT
+public.bugnomination = SELECT
+public.bugnotification = SELECT, INSERT
+public.bugnotificationfilter = SELECT, INSERT
+public.bugnotificationrecipient = SELECT, INSERT
+public.bugsubscription = SELECT
+public.bugsubscriptionfilter = SELECT
+public.bugsubscriptionfilterimportance = SELECT
+public.bugsubscriptionfilterstatus = SELECT
+public.bugsubscriptionfiltertag = SELECT
+public.bugtag = SELECT
+public.bugtask = SELECT, UPDATE
+public.bugtracker = SELECT, INSERT
+public.bugtrackeralias = SELECT, INSERT
+public.bugwatch = SELECT, INSERT
+public.buildfarmjob = SELECT, INSERT, UPDATE
+public.buildpackagejob = SELECT, INSERT, UPDATE
+public.buildqueue = SELECT, INSERT, UPDATE
+public.component = SELECT
+public.componentselection = SELECT
+public.cve = SELECT, INSERT
+public.distribution = SELECT, UPDATE
public.distributionjob = SELECT, INSERT
-public.person = SELECT, INSERT
-public.personsettings = SELECT, INSERT
+public.distributionsourcepackage = SELECT, INSERT, UPDATE
+public.distroarchseries = SELECT
+public.distrocomponentuploader = SELECT
+public.distroseries = SELECT
public.emailaddress = SELECT, INSERT, UPDATE
-public.teamparticipation = SELECT, INSERT
-public.teammembership = SELECT
+public.flatpackagesetinclusion = SELECT
public.gpgkey = SELECT
-
-# The Queue
+public.job = SELECT, INSERT, UPDATE
+public.karma = SELECT, INSERT
+public.karmaaction = SELECT
+public.language = SELECT
+public.libraryfilealias = SELECT, INSERT
+public.libraryfilecontent = SELECT, INSERT
+public.message = SELECT, INSERT
+public.messagechunk = SELECT, INSERT
+public.milestone = SELECT
+public.packagebugsupervisor = SELECT
+public.packagebuild = SELECT, INSERT, UPDATE
+public.packagediff = SELECT, UPDATE
+public.packageset = SELECT
+public.packagesetgroup = SELECT
+public.packagesetinclusion = SELECT
+public.packagesetsources = SELECT
public.packageupload = SELECT, UPDATE
-public.packageuploadsource = SELECT
public.packageuploadbuild = SELECT
public.packageuploadcustom = SELECT, UPDATE
-
-# Distribution/Publishing stuff
-public.archive = SELECT, UPDATE
-public.archivearch = SELECT, UPDATE
-public.archivepermission = SELECT
-public.distribution = SELECT, UPDATE
-public.distroseries = SELECT
-public.distroarchseries = SELECT
+public.packageuploadsource = SELECT
+public.packaging = SELECT
+public.person = SELECT, INSERT
+public.personlanguage = SELECT
+public.personsettings = SELECT, INSERT
+public.pocketchroot = SELECT
+public.pofile = SELECT
+public.potemplate = SELECT
public.processor = SELECT
public.processorfamily = SELECT
-public.distrocomponentuploader = SELECT
-public.buildfarmjob = SELECT, INSERT, UPDATE
-public.packagebuild = SELECT, INSERT, UPDATE
-public.binarypackagebuild = SELECT, INSERT, UPDATE
-public.buildqueue = SELECT, INSERT, UPDATE
-public.job = SELECT, INSERT, UPDATE
-public.buildpackagejob = SELECT, INSERT, UPDATE
-public.pocketchroot = SELECT
+public.product = SELECT, UPDATE
+public.productseries = SELECT
+public.project = SELECT, UPDATE
+public.publisherconfig = SELECT
+public.question = SELECT
+public.questionbug = SELECT
+public.questionsubscription = SELECT
+public.section = SELECT
+public.sectionselection = SELECT
+public.sourcepackagefilepublishing = SELECT
+public.sourcepackagename = SELECT
+public.sourcepackagepublishinghistory = SELECT, INSERT, UPDATE
+public.sourcepackagerecipebuild = SELECT
+public.sourcepackagerecipebuildjob = SELECT, INSERT, UPDATE
public.sourcepackagerelease = SELECT, UPDATE
-public.binarypackagerelease = SELECT, UPDATE
public.sourcepackagereleasefile = SELECT, UPDATE
-public.binarypackagefile = SELECT, UPDATE
-public.sourcepackagename = SELECT
-public.binarypackagename = SELECT
-public.sourcepackagefilepublishing = SELECT
-public.binarypackagefilepublishing = SELECT
-public.sourcepackagepublishinghistory = SELECT, INSERT, UPDATE
-public.distributionsourcepackage = SELECT, INSERT, UPDATE
-public.binarypackagepublishinghistory = SELECT, INSERT, UPDATE
-public.sourcepackagerecipebuild = SELECT
-public.sourcepackagerecipebuildjob = SELECT, INSERT, UPDATE
-public.component = SELECT
-public.componentselection = SELECT
-public.sectionselection = SELECT
-public.packagediff = SELECT, UPDATE
-public.publisherconfig = SELECT
-
-# Librarian stuff
-public.libraryfilealias = SELECT, INSERT
-public.libraryfilecontent = SELECT, INSERT
-
-# rosetta auto imports
-public.packaging = SELECT
-public.pofile = SELECT
-public.potemplate = SELECT
+public.structuralsubscription = SELECT
+public.teammembership = SELECT
+public.teamparticipation = SELECT, INSERT
public.translationgroup = SELECT
public.translationimportqueueentry = SELECT, INSERT, UPDATE
-
-# Closing bugs.
-public.bug = SELECT, UPDATE
-public.bugactivity = SELECT, INSERT
-public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
-public.bugjob = SELECT, INSERT
-public.bugsubscription = SELECT
-public.bugsubscriptionfilter = SELECT
-public.bugsubscriptionfilterstatus = SELECT
-public.bugsubscriptionfilterimportance = SELECT
-public.bugsubscriptionfiltertag = SELECT
-public.bugnotification = SELECT, INSERT
-public.bugnotificationfilter = SELECT, INSERT
-public.bugnotificationrecipient = SELECT, INSERT
-public.bugnomination = SELECT
-public.bugtag = SELECT
-public.bugtask = SELECT, UPDATE
-public.product = SELECT, UPDATE
-public.project = SELECT, UPDATE
-public.bugmessage = SELECT, INSERT
-public.message = SELECT, INSERT
-public.messagechunk = SELECT, INSERT
-public.productseries = SELECT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
-public.karmaaction = SELECT
-public.karma = SELECT, INSERT
-public.questionbug = SELECT
-public.question = SELECT
-public.packagebugsupervisor = SELECT
-public.milestone = SELECT
-public.bugwatch = SELECT, INSERT
-public.bugtracker = SELECT, INSERT
-public.bugtrackeralias = SELECT, INSERT
-public.cve = SELECT, INSERT
-public.bugcve = SELECT, INSERT
-public.language = SELECT
-public.questionsubscription = SELECT
-public.answercontact = SELECT
-public.personlanguage = SELECT
-public.section = SELECT
-public.structuralsubscription = SELECT
-public.packageset = SELECT
-public.packagesetgroup = SELECT
-public.packagesetsources = SELECT
-public.packagesetinclusion = SELECT
-public.flatpackagesetinclusion = SELECT
-
+type=user
[ppad]
-type=user
groups=script
public.archive = SELECT
public.archivearch = SELECT
public.person = SELECT
+type=user
[session]
-# This user doesn't have access to any tables in the main launchpad
-# database - it has permissions on the seperate session database only,
-# which are not maintained by this script. User is just here so it gets
-# created if necessary.
type=user
[bugnotification]
-# Sends bug notifications.
-# XXX: BjornT 2006-03-31:
-# All the INSERT permissions, and the UPDATE permission for the bug
-# table are necessary only because the test that test
-# send-bug-notifications.py needs them. They should be removed
-# when bug 37456 is fixed.
-type=user
groups=script
public.account = SELECT
public.answercontact = SELECT
public.archive = SELECT
public.archivearch = SELECT
+public.bug = SELECT, INSERT, UPDATE
+public.bugactivity = SELECT, INSERT
+public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
public.bugattachment = SELECT
+public.bugjob = SELECT, INSERT
+public.bugmessage = SELECT, INSERT
+public.bugnomination = SELECT
public.bugnotification = SELECT, INSERT, UPDATE
public.bugnotificationfilter = SELECT, INSERT
public.bugnotificationrecipient = SELECT, INSERT, UPDATE
public.bugsubscription = SELECT, INSERT
public.bugsubscriptionfilter = SELECT, INSERT
+public.bugsubscriptionfilterimportance = SELECT, INSERT
public.bugsubscriptionfilterstatus = SELECT, INSERT
-public.bugsubscriptionfilterimportance = SELECT, INSERT
public.bugsubscriptionfiltertag = SELECT, INSERT
-public.bugnomination = SELECT
-public.bug = SELECT, INSERT, UPDATE
-public.bugactivity = SELECT, INSERT
-public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
-public.bugjob = SELECT, INSERT
-public.bugmessage = SELECT, INSERT
public.bugtag = SELECT
public.bugtask = SELECT, INSERT, UPDATE
public.bugwatch = SELECT
+public.component = SELECT
public.distribution = SELECT, UPDATE
+public.distributionsourcepackage = SELECT, INSERT, UPDATE
+public.distroseries = SELECT
+public.emailaddress = SELECT
public.job = SELECT, INSERT, UPDATE
-public.component = SELECT
+public.language = SELECT
+public.libraryfilealias = SELECT
+public.libraryfilecontent = SELECT
+public.message = SELECT, INSERT
+public.messagechunk = SELECT, INSERT
+public.milestone = SELECT
public.packagebugsupervisor = SELECT
public.person = SELECT
+public.personlanguage = SELECT
public.personsettings = SELECT
-public.personlanguage = SELECT
public.product = SELECT, UPDATE
+public.productseries = SELECT
public.project = SELECT, UPDATE
-public.productseries = SELECT
public.question = SELECT
public.questionbug = SELECT
public.questionsubscription = SELECT
-public.distributionsourcepackage = SELECT, INSERT, UPDATE
-public.distroseries = SELECT
public.section = SELECT
public.sourcepackagename = SELECT
+public.sourcepackagepublishinghistory = SELECT
public.sourcepackagerelease = SELECT
-public.sourcepackagepublishinghistory = SELECT
-public.emailaddress = SELECT
-public.libraryfilealias = SELECT
-public.libraryfilecontent = SELECT
-public.message = SELECT, INSERT
-public.messagechunk = SELECT, INSERT
-public.milestone = SELECT
public.structuralsubscription = SELECT
public.teammembership = SELECT
public.teamparticipation = SELECT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
-public.language = SELECT
+type=user
[personnotification]
-type=user
groups=script
+public.emailaddress = SELECT
+public.libraryfilealias = SELECT
+public.libraryfilecontent = SELECT
+public.message = SELECT
+public.messagechunk = SELECT
+public.person = SELECT
public.personnotification = SELECT, UPDATE, DELETE
-public.person = SELECT
-public.emailaddress = SELECT
-public.libraryfilealias = SELECT
-public.libraryfilecontent = SELECT
-public.message = SELECT
-public.messagechunk = SELECT
public.teammembership = SELECT
public.teamparticipation = SELECT
public.validpersoncache = SELECT
public.validpersonorteamcache = SELECT
+type=user
[rosettaadmin]
-type=user
groups=script
public.customlanguagecode = SELECT, INSERT, UPDATE, DELETE
public.distribution = SELECT
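Review bot: In the `[bugnotification]` section, the removed `XXX: BjornT 2006-03-31` comment was the only record that the INSERT grants and the UPDATE grant on `public.bug` exist solely for the send-bug-notifications.py test and should be removed once bug 37456 is fixed, yet `public.bug = SELECT, INSERT, UPDATE` is carried over unchanged. Dropping the note makes a known over-grant look intentional. Please keep that rationale somewhere that survives the sort, for example in the file header next to the other explanatory comments. The same applies to the removed `[session]` comment explaining why that user has no table grants here.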
@@ -1606,12 +1518,11 @@
public.translationmessage = SELECT, INSERT, UPDATE, DELETE
public.translationrelicensingagreement = SELECT
public.translationtemplateitem = SELECT, INSERT, UPDATE, DELETE
+public.translator = SELECT
public.validpersoncache = SELECT
-public.translator = SELECT
+type=user
-# Any script that approves translation uploads.
[translations_approval]
-type=group
public.customlanguagecode = SELECT
public.distribution = SELECT
public.distroseries = SELECT
@@ -1633,14 +1544,14 @@
public.translationrelicensingagreement = SELECT
public.translationtemplateitem = SELECT
public.translator = SELECT
+type=group
[translationsbranchscanner]
-type=user
groups=branchscanner,translations_approval
public.translationtemplatesbuild = SELECT, INSERT
+type=user
[translationstobranch]
-type=user
groups=script
public.account = SELECT
public.branch = SELECT, UPDATE
@@ -1661,165 +1572,127 @@
public.teammembership = SELECT
public.translationmessage = SELECT
public.translationtemplateitem = SELECT
+type=user
[oopsprune]
-type=user
groups=script
public.bug = SELECT
public.bugtask = SELECT
public.message = SELECT
public.messagechunk = SELECT
public.question = SELECT
+type=user
[listteammembers]
-type=user
public.emailaddress = SELECT
public.person = SELECT
public.signedcodeofconduct = SELECT
public.sshkey = SELECT
public.teamparticipation = SELECT
-
-# This group is now created automatically
-# Readonly access to everything
-#[read]
-#type=group
-
-# This group is now created automatically
-# Full access to everything.
-# [admin]
-# type=group
+type=user
+
+[read]
+
+[admin]
[processmail]
-type=user
groups=script
-
-# Incoming emails are stored in the librarian
-public.libraryfilealias = SELECT, INSERT
-public.libraryfilecontent = SELECT, INSERT
-
-# Access to people
public.account = SELECT, INSERT
public.accountpassword = SELECT, INSERT
-public.emailaddress = SELECT
-public.gpgkey = SELECT
-public.language = SELECT
-public.person = SELECT, UPDATE
-public.personlanguage = SELECT
-public.teammembership = SELECT
-public.teamparticipation = SELECT
-public.validpersoncache = SELECT
-public.validpersonorteamcache = SELECT
-
-# Access to BugTargets, QuestionTarget and SpecTarget
+public.answercontact = SELECT
public.archive = SELECT
public.archivearch = SELECT
-public.component = SELECT
-public.distribution = SELECT, UPDATE
-public.distributionsourcepackage = SELECT, INSERT, UPDATE
-public.distrocomponentuploader = SELECT
public.archivepermission = SELECT
-public.distroseries = SELECT
-public.project = SELECT, UPDATE
-public.product = SELECT, UPDATE
-public.productseries = SELECT
-public.packagebugsupervisor = SELECT
-public.sourcepackagename = SELECT
-public.sourcepackagerelease = SELECT
-public.sourcepackagepublishinghistory = SELECT
-public.structuralsubscription = SELECT
-public.section = SELECT
-
-# Karma
-public.karma = SELECT, INSERT
-public.karmaaction = SELECT
-
-# Creation of messages (bug & question comments)
-public.message = SELECT, INSERT
-public.messagechunk = SELECT, INSERT
-
-# Bug update
+public.binarypackagebuild = SELECT
+public.binarypackagename = SELECT
+public.binarypackagepublishinghistory = SELECT
+public.binarypackagerelease = SELECT
+public.branch = SELECT, INSERT, UPDATE
+public.branchmergeproposal = SELECT, INSERT, UPDATE
+public.branchmergeproposaljob = SELECT, INSERT
+public.branchsubscription = SELECT, INSERT
+public.branchvisibilitypolicy = SELECT
public.bug = SELECT, INSERT, UPDATE
public.bugactivity = SELECT, INSERT
public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
+public.bugattachment = SELECT, INSERT
+public.bugbranch = SELECT
+public.bugcve = SELECT, INSERT
public.bugjob = SELECT, INSERT
-public.bugsubscription = SELECT, INSERT
-public.bugsubscriptionfilter = SELECT, INSERT, UPDATE, DELETE
-public.bugsubscriptionfilterstatus = SELECT, INSERT, UPDATE, DELETE
-public.bugsubscriptionfilterimportance = SELECT, INSERT, UPDATE, DELETE
-public.bugsubscriptionfiltertag = SELECT, INSERT, UPDATE, DELETE
+public.bugmessage = SELECT, INSERT
+public.bugnomination = SELECT, INSERT, UPDATE
public.bugnotification = SELECT, INSERT
-public.bugnotificationfilter = SELECT, INSERT
public.bugnotificationattachment = SELECT
+public.bugnotificationfilter = SELECT, INSERT
public.bugnotificationrecipient = SELECT, INSERT
-public.bugnomination = SELECT, INSERT, UPDATE
+public.bugsubscription = SELECT, INSERT, UPDATE, DELETE
+public.bugsubscriptionfilter = SELECT, INSERT, UPDATE, DELETE
+public.bugsubscriptionfilterimportance = SELECT, INSERT, UPDATE, DELETE
+public.bugsubscriptionfilterstatus = SELECT, INSERT, UPDATE, DELETE
+public.bugsubscriptionfiltertag = SELECT, INSERT, UPDATE, DELETE
public.bugtag = SELECT, INSERT, DELETE
public.bugtask = SELECT, INSERT, UPDATE
-public.bugmessage = SELECT, INSERT
-public.bugsubscription = SELECT, INSERT, UPDATE, DELETE
public.bugtracker = SELECT, INSERT
public.bugtrackeralias = SELECT, INSERT
public.bugwatch = SELECT, INSERT
-public.milestone = SELECT
-
-# Creating a new bugtask - checking for duplicates
-public.binarypackagebuild = SELECT
-public.binarypackagename = SELECT
-public.binarypackagepublishinghistory = SELECT
-public.binarypackagerelease = SELECT
-public.distroarchseries = SELECT
-
-# CVE updates
-public.cve = SELECT, INSERT
-public.bugcve = SELECT, INSERT
-
-# Adding comment to question
-public.faq = SELECT
-public.question = SELECT, UPDATE
-public.questionmessage = SELECT, INSERT
-public.questionbug = SELECT
-
-# Question notifications
-public.answercontact = SELECT
-public.questionsubscription = SELECT
-
-# Specification notifications
-public.specification = SELECT
-public.specificationsubscription = SELECT
-
-# Emails may have files attached.
-public.bugattachment = SELECT, INSERT
-
-# Emails for code reviews.
-public.branch = SELECT, INSERT, UPDATE
-public.branchmergeproposal = SELECT, INSERT, UPDATE
-public.branchmergeproposaljob = SELECT, INSERT
-public.branchsubscription = SELECT, INSERT
-public.branchvisibilitypolicy = SELECT
-public.bugbranch = SELECT
public.codeimport = SELECT
public.codereviewmessage = SELECT, INSERT
public.codereviewvote = SELECT, INSERT, UPDATE
+public.component = SELECT
+public.cve = SELECT, INSERT
public.diff = SELECT, INSERT, UPDATE
+public.distribution = SELECT, UPDATE
+public.distributionsourcepackage = SELECT, INSERT, UPDATE
+public.distroarchseries = SELECT
+public.distrocomponentuploader = SELECT
public.distroseries = SELECT
+public.emailaddress = SELECT
+public.faq = SELECT
+public.gpgkey = SELECT
public.job = SELECT, INSERT, UPDATE
+public.karma = SELECT, INSERT
+public.karmaaction = SELECT
+public.language = SELECT
+public.libraryfilealias = SELECT, INSERT
+public.libraryfilecontent = SELECT, INSERT
public.mergedirectivejob = SELECT, INSERT
+public.message = SELECT, INSERT
+public.messagechunk = SELECT, INSERT
+public.milestone = SELECT
+public.packagebugsupervisor = SELECT
+public.person = SELECT, UPDATE
+public.personlanguage = SELECT
public.previewdiff = SELECT
+public.product = SELECT, UPDATE
+public.productseries = SELECT
+public.project = SELECT, UPDATE
+public.question = SELECT, UPDATE
+public.questionbug = SELECT
+public.questionmessage = SELECT, INSERT
+public.questionsubscription = SELECT
+public.section = SELECT
+public.seriessourcepackagebranch = SELECT
+public.sourcepackagename = SELECT
+public.sourcepackagepublishinghistory = SELECT
+public.sourcepackagerelease = SELECT
+public.specification = SELECT
+public.specificationsubscription = SELECT
public.staticdiff = SELECT, INSERT, UPDATE
-public.sourcepackagename = SELECT
-public.seriessourcepackagebranch = SELECT
-
+public.structuralsubscription = SELECT
+public.teammembership = SELECT
+public.teamparticipation = SELECT
+public.validpersoncache = SELECT
+public.validpersonorteamcache = SELECT
+type=user
[mlist-sync]
-# The mailing list sync user
-type=user
groups=script
+public.emailaddress = SELECT, UPDATE
public.mailinglist = SELECT
public.person = SELECT
-public.emailaddress = SELECT, UPDATE
+type=user
[mlist-import]
-# The mailing list import user
-type=user
public.emailaddress = SELECT, INSERT, UPDATE
public.mailinglist = SELECT, INSERT, UPDATE
public.mailinglistsubscription = SELECT, INSERT, UPDATE
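Review bot: After `[listteammembers]`, the commented-out `#[read]` and `# [admin]` stanzas come out as live `[read]` and `[admin]` section headers with no `type=` line and no grants, while the removed comments said these groups are created automatically. `read` is referenced from `groups=script,read` elsewhere in this file, so please confirm that whatever consumes security.cfg treats an empty, untyped section the way you intend, or keep both stanzas commented out. Also in `[processmail]`: the old block had both `public.bugsubscription = SELECT, INSERT` and `public.bugsubscription = SELECT, INSERT, UPDATE, DELETE`, and the result keeps only the wider grant; the proposal should state that the wider one is what processmail actually needs.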
@@ -1827,56 +1700,53 @@
public.personsettings = SELECT, INSERT
public.teammembership = SELECT, INSERT, UPDATE
public.teamparticipation = SELECT, INSERT, UPDATE
+type=user
[hwdb-submission-processor]
-# The user that updates the HWDB with data from new submissions
-type=user
groups=script
-public.person = SELECT
+public.hwdevice = SELECT, INSERT
+public.hwdeviceclass = SELECT, INSERT
public.hwdevicedriverlink = SELECT, INSERT
public.hwdevicenamevariant = SELECT, INSERT
-public.hwdevice = SELECT, INSERT
-public.hwdeviceclass = SELECT, INSERT
+public.hwdmihandle = SELECT, INSERT
public.hwdmivalue = SELECT, INSERT
-public.hwdmihandle = SELECT, INSERT
public.hwdriver = SELECT, INSERT
+public.hwsubmission = SELECT, UPDATE
public.hwsubmissiondevice = SELECT, INSERT
-public.hwsubmission = SELECT, UPDATE
+public.hwtest = SELECT
+public.hwtestanswer = SELECT
public.hwtestanswerchoice = SELECT
+public.hwtestanswercount = SELECT
public.hwtestanswercountdevice = SELECT
-public.hwtestanswercount = SELECT
public.hwtestanswerdevice = SELECT
-public.hwtestanswer = SELECT
-public.hwtest = SELECT
public.hwvendorid = SELECT, INSERT
public.hwvendorname = SELECT, INSERT
public.libraryfilealias = SELECT
public.libraryfilecontent = SELECT
+public.person = SELECT
public.teamparticipation = SELECT
+type=user
[builddcontroller]
-# The user than runs the buildd controller.
+public.builder = SELECT, UPDATE
+public.processor = SELECT
type=user
-public.processor = SELECT
-public.builder = SELECT, UPDATE
[binaryfile-expire]
-# The user that expires binary files from the librarian.
-type=user
groups=script
public.archive = SELECT
public.binarypackagefile = SELECT
public.binarypackagepublishinghistory = SELECT
public.binarypackagerelease = SELECT
public.distribution = SELECT
+public.libraryfilealias = SELECT, UPDATE
public.person = SELECT
-public.libraryfilealias = SELECT, UPDATE
-public.sourcepackagereleasefile = SELECT
public.sourcepackagepublishinghistory = SELECT
public.sourcepackagerelease = SELECT
+public.sourcepackagereleasefile = SELECT
+type=user
[create-merge-proposals]
-type=user
groups=script
public.account = SELECT
public.accountpassword = SELECT
@@ -1894,8 +1764,8 @@
public.emailaddress = SELECT
public.gpgkey = SELECT
public.job = SELECT, INSERT, UPDATE
+public.karma = SELECT, INSERT
public.karmaaction = SELECT
-public.karma = SELECT, INSERT
public.libraryfilealias = SELECT, INSERT
public.libraryfilecontent = SELECT, INSERT
public.mergedirectivejob = SELECT
@@ -1910,9 +1780,9 @@
public.staticdiff = SELECT, INSERT
public.teamparticipation = SELECT
public.validpersoncache = SELECT
+type=user
[merge-proposal-jobs]
-type=user
groups=script
public.account = SELECT
public.accountpassword = SELECT
@@ -1933,8 +1803,8 @@
public.emailaddress = SELECT
public.incrementaldiff = SELECT, INSERT
public.job = SELECT, INSERT, UPDATE
+public.karma = SELECT, INSERT
public.karmaaction = SELECT
-public.karma = SELECT, INSERT
public.libraryfilealias = SELECT, INSERT
public.libraryfilecontent = SELECT, INSERT
public.mergedirectivejob = SELECT
@@ -1951,16 +1821,16 @@
public.teammembership = SELECT
public.teamparticipation = SELECT
public.validpersoncache = SELECT
+type=user
[upgrade-branches]
-type=user
groups=script
public.branch = SELECT, UPDATE
public.branchjob = SELECT, INSERT
public.job = SELECT, INSERT, UPDATE
+type=user
[send-branch-mail]
-type=user
groups=script
public.account = SELECT
public.accountpassword = SELECT
@@ -1968,8 +1838,8 @@
public.branchjob = SELECT
public.branchmergeproposal = SELECT, INSERT, UPDATE
public.branchmergeproposaljob = SELECT, INSERT
-public.branchsubscription = SELECT
public.branchrevision = SELECT
+public.branchsubscription = SELECT
public.codereviewmessage = SELECT, INSERT
public.codereviewvote = SELECT, INSERT
public.diff = SELECT, INSERT
@@ -1977,8 +1847,8 @@
public.distroseries = SELECT
public.emailaddress = SELECT
public.job = SELECT, INSERT, UPDATE
+public.karma = SELECT, INSERT
public.karmaaction = SELECT
-public.karma = SELECT, INSERT
public.libraryfilealias = SELECT, INSERT
public.libraryfilecontent = SELECT, INSERT
public.mergedirectivejob = SELECT
@@ -1995,69 +1865,65 @@
public.teammembership = SELECT
public.teamparticipation = SELECT
public.validpersoncache = SELECT
+type=user
[reclaim-branch-space]
-type=user
groups=script
public.branchjob = SELECT
public.job = SELECT, UPDATE
+type=user
[updateremoteproduct]
-# Updates Product.remote_product using bug watch information.
-type=user
groups=script
public.account = SELECT, INSERT, UPDATE
+public.accountpassword = SELECT, INSERT
+public.bug = SELECT, INSERT, UPDATE
+public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
+public.bugjob = SELECT, INSERT
+public.bugmessage = SELECT, INSERT
+public.bugsubscription = SELECT, INSERT
+public.bugsubscriptionfilter = SELECT, INSERT
+public.bugsubscriptionfilterimportance = SELECT, INSERT
+public.bugsubscriptionfilterstatus = SELECT, INSERT
+public.bugsubscriptionfiltertag = SELECT, INSERT
+public.bugtag = SELECT
+public.bugtask = SELECT, INSERT, UPDATE
+public.bugtracker = SELECT, INSERT
+public.bugtrackeralias = SELECT
+public.bugwatch = SELECT, INSERT
+public.emailaddress = SELECT, INSERT, UPDATE
+public.hwsubmission = SELECT
+public.job = SELECT, INSERT, UPDATE
+public.message = SELECT, INSERT
+public.messagechunk = SELECT, INSERT
public.person = SELECT, INSERT
public.personsettings = SELECT, INSERT
public.product = SELECT, INSERT, UPDATE
+public.productlicense = SELECT, INSERT
public.productseries = SELECT, INSERT
-public.productlicense = SELECT, INSERT
-public.bugtracker = SELECT, INSERT
-public.bugwatch = SELECT, INSERT
-public.bug = SELECT, INSERT, UPDATE
-public.bugjob = SELECT, INSERT
-public.bugaffectsperson = SELECT, INSERT, UPDATE, DELETE
-public.bugtag = SELECT
-public.bugtask = SELECT, INSERT, UPDATE
-public.accountpassword = SELECT, INSERT
-public.teamparticipation = SELECT, INSERT
-public.emailaddress = SELECT, INSERT, UPDATE
-public.hwsubmission = SELECT
public.revisionauthor = SELECT
-public.bugtrackeralias = SELECT
-public.message = SELECT, INSERT
-public.messagechunk = SELECT, INSERT
-public.bugsubscription = SELECT, INSERT
-public.bugsubscriptionfilter = SELECT, INSERT
-public.bugsubscriptionfilterstatus = SELECT, INSERT
-public.bugsubscriptionfilterimportance = SELECT, INSERT
-public.bugsubscriptionfiltertag = SELECT, INSERT
-public.bugmessage = SELECT, INSERT
public.sourcepackagename = SELECT
-public.job = SELECT, INSERT, UPDATE
+public.teamparticipation = SELECT, INSERT
+type=user
[updatesourceforgeremoteproduct]
-# Updates Product.remote_product using SourceForge project data.
-type=user
groups=script
-public.product = SELECT, UPDATE
public.bugtracker = SELECT
+public.product = SELECT, UPDATE
+type=user
[updatebugzillaremotecomponents]
-# Retrieves/updates BugTracker component info from Bugzillas
-type=user
groups=script
public.bugtracker = SELECT, UPDATE
public.bugtrackercomponent = SELECT, INSERT, UPDATE, DELETE
public.bugtrackercomponentgroup = SELECT, INSERT, UPDATE, DELETE
+type=user
[process-job-source-groups]
-# Does not need access to tables.
+groups=script
type=user
-groups=script
[person-transfer-job]
-type=user
groups=script
public.account = SELECT
public.emailaddress = SELECT
@@ -2065,9 +1931,9 @@
public.person = SELECT
public.persontransferjob = SELECT
public.teammembership = SELECT
+type=user
[person-merge-job]
-type=user
groups=script
public.account = SELECT, UPDATE
public.announcement = SELECT, UPDATE
@@ -2191,66 +2057,60 @@
public.votecast = SELECT, UPDATE
public.webserviceban = SELECT, UPDATE, DELETE
public.wikiname = SELECT, UPDATE
+type=user
[weblogstats]
-# For the script that parses our Apache/Squid logfiles and updates statistics
-type=user
public.libraryfilealias = SELECT
public.libraryfiledownloadcount = SELECT, INSERT, UPDATE, DELETE
+type=user
[garbo]
-# garbo_hourly and garbo_daily script permissions. We define the
-# permissions here in this group instead of in the users, so tasks can
-# be shuffled around between the daily and hourly sections without
-# changing DB permissions.
-type=user
groups=script,read
+public.branchjob = SELECT, DELETE
public.bug = SELECT, UPDATE
+public.bugaffectsperson = SELECT
public.bugattachment = SELECT, DELETE
-public.bugsubscription = SELECT
-public.bugsubscriptionfilter = SELECT
-public.bugsubscriptionfilterstatus = SELECT
-public.bugsubscriptionfilterimportance = SELECT
-public.bugsubscriptionfiltertag = SELECT
-public.bugaffectsperson = SELECT
+public.bugjob = SELECT, INSERT
public.bugmessage = SELECT, UPDATE
public.bugnotification = SELECT, DELETE
public.bugnotificationfilter = SELECT, DELETE
public.bugnotificationrecipientarchive = SELECT
+public.bugsubscription = SELECT
+public.bugsubscriptionfilter = SELECT
+public.bugsubscriptionfilterimportance = SELECT
+public.bugsubscriptionfilterstatus = SELECT
+public.bugsubscriptionfiltertag = SELECT
public.bugtag = SELECT
public.bugwatch = SELECT, UPDATE
public.bugwatchactivity = SELECT, DELETE
public.codeimportevent = SELECT, DELETE
public.codeimporteventdata = SELECT, DELETE
public.codeimportresult = SELECT, DELETE
+public.emailaddress = SELECT, UPDATE
+public.hwsubmission = SELECT, UPDATE
+public.job = SELECT, INSERT, DELETE
+public.mailinglistsubscription = SELECT, DELETE
public.oauthnonce = SELECT, DELETE
public.openidassociation = SELECT, DELETE
public.openidconsumerassociation = SELECT, DELETE
public.openidconsumernonce = SELECT, DELETE
+public.person = SELECT, DELETE
public.potranslation = SELECT, DELETE
+public.revisionauthor = SELECT, UPDATE
public.revisioncache = SELECT, DELETE
-public.person = SELECT, DELETE
-public.revisionauthor = SELECT, UPDATE
-public.hwsubmission = SELECT, UPDATE
-public.mailinglistsubscription = SELECT, DELETE
public.suggestivepotemplate = INSERT, DELETE
public.teamparticipation = SELECT, DELETE
-public.emailaddress = SELECT, UPDATE
-public.job = SELECT, INSERT, DELETE
-public.branchjob = SELECT, DELETE
-public.bugjob = SELECT, INSERT
+type=user
[garbo_daily]
+groups=garbo
type=user
-groups=garbo
[garbo_hourly]
+groups=garbo
type=user
-groups=garbo
[generateppahtaccess]
-# For the generate_ppa_htaccess.py cronscript.
-type=user
groups=script
public.archive = SELECT
public.archiveauthtoken = SELECT, UPDATE
@@ -2263,70 +2123,66 @@
public.publisherconfig = SELECT
public.teammembership = SELECT
public.teamparticipation = SELECT
+type=user
[branch-rewrite]
+public.branch = SELECT
type=user
-public.branch = SELECT
[nagios]
-type=user
public.archive = SELECT
+public.binarypackagebuild = SELECT
+public.branch = SELECT
public.buildfarmjob = SELECT
-public.databasereplicationlag = SELECT
-public.packagebuild = SELECT
-public.binarypackagebuild = SELECT
+public.buildpackagejob = SELECT
public.buildqueue = SELECT
-public.buildpackagejob = SELECT
+public.databasereplicationlag = SELECT
public.job = SELECT
public.libraryfilecontent = SELECT
public.openidrpconfig = SELECT
-public.branch = SELECT
+public.packagebuild = SELECT
+type=user
[modified-branches]
+public.branch = SELECT
type=user
-public.branch = SELECT
[calculate-bug-heat]
-type=user
groups=script,read
public.bug = SELECT, UPDATE
-public.job = SELECT, UPDATE, DELETE
public.bugjob = SELECT, DELETE
public.distribution = SELECT, UPDATE
public.distributionsourcepackage = SELECT, INSERT, UPDATE
public.distroseries = SELECT
+public.job = SELECT, UPDATE, DELETE
public.product = SELECT, UPDATE
public.productseries = SELECT
public.project = SELECT, UPDATE
-
+type=user
[lagmon]
-# cache-database-replication-lag.py
-type=user
public.update_replication_lag_cache() = EXECUTE
+type=user
[process-apport-blobs]
-type=user
groups=script,read
+public.apportjob = SELECT, INSERT, UPDATE, DELETE
public.job = SELECT, UPDATE, DELETE
-public.apportjob = SELECT, INSERT, UPDATE, DELETE
public.libraryfilealias = SELECT, INSERT, UPDATE
public.libraryfilecontent = SELECT, INSERT, UPDATE
+type=user
[update-pkg-cache]
-# update-pkg-cache.py split off from the statistician user so that it's easier
-# to see its activity separate from update-stats.py
-type=user
groups=statistician
+type=user
[database_stats_update]
-type=user
groups=script
public.update_database_stats() = EXECUTE
+type=user
[database_stats_report]
-type=user
groups=script
+public.databasecpustats = SELECT
public.databasetablestats = SELECT
-public.databasecpustats = SELECT
-
+type=user
=== added file 'lib/lp/scripts/utilities/settingsauditor.py'
--- lib/lp/scripts/utilities/settingsauditor.py 1970-01-01 00:00:00 +0000
+++ lib/lp/scripts/utilities/settingsauditor.py 2011-04-25 20:27:32 +0000
@@ -0,0 +1,108 @@
+# Copyright 2011 Canonical Ltd. This software is licensed under the
+# GNU Affero General Public License version 3 (see the file LICENSE).
+
+"""Contains the seting auditor used to clean up security.cfg."""
+
+__metaclass__ = type
+
+__all__ = [
+ "SettingsAuditor",
+ ]
+
+from collections import defaultdict
+import re
+
+
+class SettingsAuditor:
+ """Reads the security.cfg file and collects errors.
+
+ We can't just use ConfigParser for this case, as we're doing our own
+ specialized parsing--not interpreting the settings, but verifying."""
+
+ header_regex = re.compile(r'.*?(?=\[)', re.MULTILINE|re.DOTALL)
+ section_regex = re.compile(
+ r'\[.*?\].*?(?=(\[)|($\Z))', re.MULTILINE|re.DOTALL)
+ section_label_regex = re.compile(r'\[.*\]')
+
+ def __init__(self, data):
+ self.data = data
+ self.errors = {}
+ self.current_section = ''
+ self.observed_settings = defaultdict(lambda: 0)
+
+ def _getHeader(self):
+ """Removes the header comments from the security file.
+
+ The comments at the start of the file aren't something we
+ want to kill.
+ """
+ header = self.header_regex.match(self.data)
+ if header is not None:
+ header = header.group()
+ self.data = self.data.replace(header, '')
+ return header
+
+ def _strip(self, data):
+ data = [d.strip() for d in data]
+ return [d for d in data if not (d.startswith('#') or d == '')]
+
+ def _getSectionName(self, line):
+ if line.strip().startswith('['):
+ return self.section_regex.match(line).group()
+ else:
+ return None
+
+ def _separateConfigBlocks(self):
+ # We keep the copy of config_labels so we can keep them in order.
+ self.config_blocks = {}
+ self.config_labels = []
+ while self.data != '':
+ section = self.section_regex.match(self.data)
+ section = section.group()
+ self.data = self.data.replace(section, '')
+ label = self.section_label_regex.match(section).group()
+ self.config_labels.append(label)
+ self.config_blocks[label] = section
+
+ def _processBlocks(self):
+ for block in self.config_labels:
+ data = set(self.config_blocks[block].split('\n')[1:])
+ data.discard('')
+ data = [line for line in sorted(data)
+ if line.strip() != '' and
+ not line.strip().startswith('#')]
+ self._checkForDupes(data, block)
+ data = '\n'.join([block] + data)
+ self.config_blocks[block] = data
+
+ def _checkForDupes(self, data, label):
+ settings = defaultdict(lambda: 0)
+ for line in data:
+ settings[self._getSetting(line)] += 1
+ dupe_settings = [setting for setting in settings.keys()
+ if settings[setting] > 1]
+ if dupe_settings != []:
+ self.errors[label] = dupe_settings
+
+ def _getSetting(self, line):
+ return line.split()[0]
+
+ def audit(self):
+ header = self._getHeader()
+ self._separateConfigBlocks()
+ self._processBlocks()
+ data = []
+ for label in self.config_labels:
+ data.append(self.config_blocks[label])
+ return '%s%s' % (header, '\n\n'.join(data))
+
+ @property
+ def error_data(self):
+ error_data = []
+ error_data.append("The following errors were found in security.cfg")
+ error_data.append("-----------------------------------------------")
+ for section in self.errors.keys():
+ error_data.append("In section: %s" % section)
+ for setting in self.errors[section]:
+ error_data.append('\tDuplicate setting found: %s' % setting)
+ return '\n'.join(error_data)
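Review bot: In `_processBlocks`, the lines go through `set(...)` before `_checkForDupes` runs, so byte-identical duplicate lines are dropped silently and only duplicates with differing grants reach `self.errors`. If silent removal is intended, the docstring should say so; otherwise count before de-duplicating. Two more points in this file: `section_regex` ends a block at any `[` via `(?=(\[)|($\Z))`, including one inside a `#` comment, so a commented-out header is promoted to a real section; anchoring on a `[` at the start of a line would avoid that. `_getSectionName` calls `self.section_regex.match(line)` where `section_label_regex` looks intended, and it, `_strip`, `current_section` and `observed_settings` are unused and can go.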
=== modified file 'lib/lp/scripts/utilities/tests/test_audit_security_settings.py'
--- lib/lp/scripts/utilities/tests/test_audit_security_settings.py 2011-04-20 16:14:10 +0000
+++ lib/lp/scripts/utilities/tests/test_audit_security_settings.py 2011-04-25 20:27:32 +0000
@@ -1,4 +1,3 @@
-
# Copyright 2011 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
@@ -6,21 +5,81 @@
__metaclass__ = type
-import os
-from canonical.config import config
from canonical.testing.layers import BaseLayer
+from lp.scripts.utilities.settingsauditor import SettingsAuditor
from lp.testing import TestCase
-class TestAuditSecuitySettings(TestCase):
+class TestAuditSecuritySettings(TestCase):
layer = BaseLayer
- def test_duplicate_parsing(self):
- utility = os.path.join(
- config.root, 'utilities', 'audit-security-settings.py')
- cmd = '%s smoketest' % utility
- error_msg = os.popen(cmd).read()
- expected = '[bad]\n\tDuplicate setting found: public.bar\n'
- self.assertTrue(expected in error_msg)
+ def setUp(self):
+ super(TestAuditSecuritySettings, self).setUp()
+ self.test_settings = (
+ '# This is the header.\n'
+ '[good]\n'
+ 'public.foo = SELECT\n'
+ 'public.bar = SELECT, INSERT\n'
+ 'public.baz = SELECT\n'
+ '\n'
+ '[bad]\n'
+ 'public.foo = SELECT\n'
+ 'public.bar = SELECT, INSERT\n'
+ 'public.bar = SELECT\n'
+ 'public.baz = SELECT')
+
+ def test_getHeader(self):
+ sa = SettingsAuditor(self.test_settings)
+ header = sa._getHeader()
+ self.assertEqual(
+ header,
+ '# This is the header.\n')
+
+ def test_extract_config_blocks(self):
+ test_settings = self.test_settings.replace(
+ '# This is the header.\n', '')
+ sa = SettingsAuditor(test_settings)
+ sa._separateConfigBlocks()
+ self.assertContentEqual(
+ ['[good]', '[bad]'],
+ sa.config_blocks.keys())
+
+ def test_audit_block(self):
+ sa = SettingsAuditor('')
+ test_block = (
+ '[bad]\n'
+ 'public.foo = SELECT\n'
+ 'public.bar = SELECT, INSERT\n'
+ 'public.bar = SELECT\n'
+ 'public.baz = SELECT\n')
+ sa.config_blocks = {'[bad]': test_block}
+ sa.config_labels = ['[bad]']
+ sa._processBlocks()
+ expected = (
+ '[bad]\n'
+ 'public.bar = SELECT\n'
+ 'public.bar = SELECT, INSERT\n'
+ 'public.baz = SELECT\n'
+ 'public.foo = SELECT')
+ self.assertEqual(expected, sa.config_blocks['[bad]'])
+ expected_error = '[bad]\n\tDuplicate setting found: public.bar'
+ self.assertTrue(expected_error in sa.error_data)
+
+ def test_audit(self):
+ sa = SettingsAuditor(self.test_settings)
+ new_settings = sa.audit()
+ expected_settings = (
+ '# This is the header.\n'
+ '[good]\n'
+ 'public.bar = SELECT, INSERT\n'
+ 'public.baz = SELECT\n'
+ 'public.foo = SELECT\n'
+ '\n'
+ '[bad]\n'
+ 'public.bar = SELECT\n'
+ 'public.bar = SELECT, INSERT\n'
+ 'public.baz = SELECT\n'
+ 'public.foo = SELECT')
+ self.assertEqual(expected_settings, new_settings)
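Review bot: `test_audit` asserts only on the rewritten text, and `test_audit_block` checks the report with a substring match (`assertTrue(expected_error in sa.error_data)`), so nothing here fails if the clean `[good]` section is also reported or if the same duplicate is listed twice. Asserting on `sa.errors` directly after `audit()`, for example that its only key is `'[bad]'`, would pin that down. The fixture also has no comment or blank line inside a block, which is the case the merge description says gets dropped and the one most likely to trip `line.split()[0]` in `_getSetting`; a test for that input would document the intended behaviour.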
=== modified file 'utilities/audit-security-settings.py'
--- utilities/audit-security-settings.py 2011-04-19 15:27:55 +0000
+++ utilities/audit-security-settings.py 2011-04-25 20:27:32 +0000
@@ -12,23 +12,10 @@
__metatype__ = type
import os
-import sys
-import re
-
-from collections import defaultdict
-
-TEST_DATA = """
-[good]
-public.foo = SELECT
-public.bar = SELECT, INSERT
-public.baz = SELECT
-
-[bad]
-public.foo = SELECT
-public.bar = SELECT, INSERT
-public.bar = SELECT
-public.baz = SELECT
-"""
+
+import _pythonpath
+from lp.scripts.utilities.settingsauditor import SettingsAuditor
+
BRANCH_ROOT = os.path.split(
os.path.dirname(os.path.abspath(__file__)))[0]
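Review bot: The context line `__metatype__ = type` at the top of this hunk looks like a typo for `__metaclass__ = type`, which is the spelling the test module in this same proposal uses. As written it only defines an unused module variable. With `SettingsAuditor` moved out of the script there is no class left here for it to affect, so the line can be corrected or dropped while this block is being touched.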
@@ -36,77 +23,12 @@
BRANCH_ROOT, 'database', 'schema', 'security.cfg')
-def strip(data):
- data = [d.strip() for d in data]
- return [d for d in data if not (d.startswith('#') or d == '')]
-
-
-class SettingsAuditor:
- """Reads the security.cfg file and collects errors.
-
- We can't just use ConfigParser for this case, as we're doing our own
- specialized parsing--not interpreting the settings, but verifying."""
-
- section_regex = re.compile(r'\[.*\]')
-
- def __init__(self):
- self.errors = {}
- self.current_section = ''
- self.observed_settings = defaultdict(lambda: 0)
-
- def _get_section_name(self, line):
- if line.strip().startswith('['):
- return self.section_regex.match(line).group()
- else:
- return None
-
- def _get_setting(self, line):
- return line.split()[0]
-
- def start_new_section(self, new_section):
- for k in self.observed_settings.keys():
- if self.observed_settings[k] == 1:
- self.observed_settings.pop(k)
- duplicated_settings = self.observed_settings.keys()
- if len(duplicated_settings) > 0:
- self.errors[self.current_section] = self.observed_settings.keys()
- self.observed_settings = defaultdict(lambda: 0)
- self.current_section = new_section
-
- def readline(self, line):
- new_section = self._get_section_name(line)
- if new_section is not None:
- self.start_new_section(new_section)
- else:
- setting = self._get_setting(line)
- self.observed_settings[setting] += 1
-
- def print_error_data(self):
- print "The following errors were found in security.cfg"
- print "-----------------------------------------------"
- for section in self.errors.keys():
- print "In section: %s" % section
- for setting in self.errors[section]:
- print '\tDuplicate setting found: %s' % setting
-
-
-def main(test=False):
- # This is a cheap hack to allow testing in the testrunner.
- if test:
- data = TEST_DATA.split('\n')
- else:
- data = file(SECURITY_PATH).readlines()
- data = strip(data)
- auditor = SettingsAuditor()
- for line in data:
- auditor.readline(line)
- auditor.start_new_section('')
- auditor.print_error_data()
+def main():
+ data = file(SECURITY_PATH).read()
+ auditor = SettingsAuditor(data)
+ settings = auditor.audit()
+ file(SECURITY_PATH, 'w').write(settings)
+ print auditor.error_data
if __name__ == '__main__':
- # smoketest check is a cheap hack to test the utility in the testrunner.
- try:
- test = sys.argv[1] == 'smoketest'
- except IndexError:
- test = False
- main(test=test)
+ main()
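Review bot: `main()` now overwrites `security.cfg` in place with `file(SECURITY_PATH, 'w').write(settings)`, which truncates the file before the new content is written and never closes the handle explicitly. An interrupted or failed write leaves the database permissions file empty or partial. Writing to a temporary file in the same directory and renaming it over the original, or at least using a `with` block, avoids that. Since the script is still named audit-security-settings.py, a report-only mode that skips the rewrite, plus a non-zero exit status when `auditor.errors` is non-empty, would let it be used as a check without modifying the tree.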