From e021f558bf1a698bcfed1aca061f2100da0621b5 Mon Sep 17 00:00:00 2001
From: Itz-Agasta <rupamgolui69@gmail.com>
Date: Fri, 30 Jan 2026 20:43:57 +0530
Subject: [PATCH] Restore grants for dynamic tables in tokenizer, migration,
 and tiger import

---
 lib-sql/grants.sql                          | 5 -----
 lib-sql/tiger_import_finish.sql             | 2 ++
 src/nominatim_db/tokenizer/icu_tokenizer.py | 6 ++++++
 src/nominatim_db/tools/migration.py         | 3 +++
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/lib-sql/grants.sql b/lib-sql/grants.sql
index 6e26eaa8..e7ce878d 100644
--- a/lib-sql/grants.sql
+++ b/lib-sql/grants.sql
@@ -42,9 +42,4 @@ GRANT SELECT ON country_osm_grid TO "{{config.DATABASE_WEBUSER}}";
 -- Tokenizer tables (word table)
 {% if 'word' in db.tables %}
 GRANT SELECT ON word TO "{{config.DATABASE_WEBUSER}}";
-{% endif %}
-
--- Tiger import table (if exists)
-{% if 'location_property_tiger_import' in db.tables %}
-GRANT SELECT ON location_property_tiger_import TO "{{config.DATABASE_WEBUSER}}";
 {% endif %}
\ No newline at end of file
diff --git a/lib-sql/tiger_import_finish.sql b/lib-sql/tiger_import_finish.sql
index 914677bd..b7c32d72 100644
--- a/lib-sql/tiger_import_finish.sql
+++ b/lib-sql/tiger_import_finish.sql
@@ -13,6 +13,8 @@ CREATE INDEX IF NOT EXISTS idx_location_property_tiger_parent_place_id_imp
 CREATE UNIQUE INDEX IF NOT EXISTS idx_location_property_tiger_place_id_imp
   ON location_property_tiger_import (place_id) {{db.tablespace.aux_index}};
 
+GRANT SELECT ON location_property_tiger_import TO "{{config.DATABASE_WEBUSER}}";
+
 DROP TABLE IF EXISTS location_property_tiger;
 ALTER TABLE location_property_tiger_import RENAME TO location_property_tiger;
 
diff --git a/src/nominatim_db/tokenizer/icu_tokenizer.py b/src/nominatim_db/tokenizer/icu_tokenizer.py
index 2ddfd8e3..5d90bb27 100644
--- a/src/nominatim_db/tokenizer/icu_tokenizer.py
+++ b/src/nominatim_db/tokenizer/icu_tokenizer.py
@@ -144,6 +144,10 @@ class ICUTokenizer(AbstractTokenizer):
             with conn.cursor() as cur:
                 cur.execute('SET max_parallel_workers_per_gather TO 0')
 
+            sqlp = SQLPreprocessor(conn, config)
+            sqlp.run_string(conn,
+                            'GRANT SELECT ON tmp_word TO "{{config.DATABASE_WEBUSER}}"')
+            conn.commit()
         self._create_base_indices(config, 'tmp_word')
         self._create_lookup_indices(config, 'tmp_word')
         self._move_temporary_word_table('tmp_word')
@@ -241,9 +245,11 @@ class ICUTokenizer(AbstractTokenizer):
                       word text,
                       info jsonb
                     ) {{db.tablespace.search_data}};
+                GRANT SELECT ON word TO "{{config.DATABASE_WEBUSER}}";
 
                 DROP SEQUENCE IF EXISTS seq_word;
                 CREATE SEQUENCE seq_word start 1;
+                GRANT SELECT ON seq_word to "{{config.DATABASE_WEBUSER}}";
             """)
             conn.commit()
 
diff --git a/src/nominatim_db/tools/migration.py b/src/nominatim_db/tools/migration.py
index a2bee6b6..e1edc975 100644
--- a/src/nominatim_db/tools/migration.py
+++ b/src/nominatim_db/tools/migration.py
@@ -137,6 +137,7 @@ def create_placex_entrance_table(conn: Connection, config: Configuration, **_: A
               );
             CREATE UNIQUE INDEX idx_placex_entrance_place_id_osm_id ON placex_entrance
               USING BTREE (place_id, osm_id) {{db.tablespace.search_index}};
+            GRANT SELECT ON placex_entrance TO "{{config.DATABASE_WEBUSER}}" ;
               """)
 
 
@@ -249,6 +250,8 @@ def create_place_postcode_table(conn: Connection, config: Configuration, **_: An
                     geometry Geometry(Geometry, 4326) NOT NULL
                 )
                 """)
+            sqlp.run_string(conn,
+                            'GRANT SELECT ON location_postcodes TO "{{config.DATABASE_WEBUSER}}"')
             # remove postcodes from the various auxillary tables
             cur.execute(
                 """