Moves db grant statements to dedicated script

Centralizes all read-only access grants into a single SQL script, ensuring permissions are managed in one place.
2026-03-10 12:04:06 +00:00 · 2026-01-27 17:49:51 +05:30
parent 67ecf5f6a0
commit ff1f1b06d9
5 changed files with 50 additions and 29 deletions
--- a/src/nominatim_db/tools/migration.py
+++ b/src/nominatim_db/tools/migration.py
@@ -137,7 +137,6 @@ def create_placex_entrance_table(conn: Connection, config: Configuration, **_: A
              );
            CREATE UNIQUE INDEX idx_placex_entrance_place_id_osm_id ON placex_entrance
              USING BTREE (place_id, osm_id) {{db.tablespace.search_index}};
-            GRANT SELECT ON placex_entrance TO "{{config.DATABASE_WEBUSER}}" ;
              """)


@@ -250,8 +249,6 @@ def create_place_postcode_table(conn: Connection, config: Configuration, **_: An
                    geometry Geometry(Geometry, 4326) NOT NULL
                )
                """)
-            sqlp.run_string(conn,
-                            'GRANT SELECT ON location_postcodes TO "{{config.DATABASE_WEBUSER}}"')
            # remove postcodes from the various auxillary tables
            cur.execute(
                """