wooo/ewoooc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dev
ewoooc/docker/superset/setup_readonly_users.sql
ogt 1b4f3a7bbe
Some checks failed
CD Pipeline / deploy (push) Failing after 59s
Details
feat: EwoooC 初始化 — 完整專案推版至 Gitea 
- 建立 Gitea Actions CD pipeline (.gitea/workflows/cd.yaml)
- 部署模式: rsync Python 檔案至 188 → docker restart (volume mount)
- Dockerfile/requirements 變動時自動重建 Docker image
- 部署通知: Telegram (開始/成功/失敗)
- 健康檢查: https://mo.wooo.work/health (最多 5 次重試)
- 同步最新 CLAUDE.md / ADR-008 / memory (2026-04-19)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 01:21:13 +08:00

53 lines
2.4 KiB
SQL
Raw Permalink Blame History

-- =============================================================================
-- Superset 唯讀用戶設定
-- 用於 UAT 和 GCP 環境的 PostgreSQL 資料庫
-- =============================================================================
-- 建立唯讀用戶 (在 UAT 資料庫執行)
-- 連線到 momo_analytics 資料庫後執行
-- 1. 建立唯讀角色
CREATE ROLE superset_readonly WITH LOGIN PASSWORD 'Wooo_Superset_RO_2026';
-- 2. 授予連線權限
GRANT CONNECT ON DATABASE momo_analytics TO superset_readonly;
-- 3. 授予 schema 使用權限
GRANT USAGE ON SCHEMA public TO superset_readonly;
-- 4. 授予所有現有資料表的 SELECT 權限
GRANT SELECT ON ALL TABLES IN SCHEMA public TO superset_readonly;
-- 5. 設定預設權限 (新建立的資料表也會自動授權)
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO superset_readonly;
-- 6. 授予序列讀取權限 (某些查詢可能需要)
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO superset_readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON SEQUENCES TO superset_readonly;
-- =============================================================================
-- 驗證權限
-- =============================================================================
-- 使用 superset_readonly 用戶連線後測試:
-- SELECT * FROM products LIMIT 5;
-- SELECT * FROM daily_sales_snapshot LIMIT 5;
-- SELECT * FROM price_records LIMIT 5;
-- =============================================================================
-- 連線字串 (供 Superset 使用)
-- =============================================================================
-- UAT 環境:
-- postgresql+psycopg2://superset_readonly:Wooo_Superset_RO_2026@momo-postgres:5432/momo_analytics
--
-- GCP 環境 (需要從 UAT 連線):
-- postgresql+psycopg2://superset_readonly:Wooo_Superset_RO_2026@35.194.233.141:5432/momo_analytics
-- =============================================================================
-- 撤銷權限 (如需移除)
-- =============================================================================
-- REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM superset_readonly;
-- REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM superset_readonly;
-- REVOKE USAGE ON SCHEMA public FROM superset_readonly;
-- REVOKE CONNECT ON DATABASE momo_analytics FROM superset_readonly;
-- DROP ROLE superset_readonly;
Reference in New Issue View Git Blame Copy Permalink