From de7cec4298262b5391f4e30dfe301849be20d8bb Mon Sep 17 00:00:00 2001
From: Ibraheem Saleh
Date: Thu, 14 Apr 2022 10:35:08 -0700
Subject: [PATCH] AMMOSGH-41: Update user permissions example script to limit sadb_user access
---
 .../create_sadb_user_grant_permissions.sql | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/crypto_sadb/sadb_mariadb_sql/create_sadb_user_grant_permissions.sql b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_user_grant_permissions.sql
index 353884bf..5e05cd6f 100644
--- a/src/crypto_sadb/sadb_mariadb_sql/create_sadb_user_grant_permissions.sql
+++ b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_user_grant_permissions.sql
@@ -1,4 +1,11 @@
+DROP USER IF EXISTS 'sadb_admin';
 DROP USER IF EXISTS 'sadb_user';
+
+CREATE USER IF NOT EXISTS sadb_admin IDENTIFIED BY 'sadb_admin_password';
 CREATE USER IF NOT EXISTS sadb_user IDENTIFIED BY 'sadb_password';
 
-GRANT ALL PRIVILEGES ON sadb.* TO 'sadb_user'@'%';
\ No newline at end of file
+GRANT ALL PRIVILEGES ON sadb.* TO 'sadb_admin'@'%';
+
+GRANT UPDATE (arsn) ON sadb.security_associations TO 'sadb_user'@'%';
+GRANT UPDATE (iv) ON sadb.security_associations TO 'sadb_user'@'%';
+GRANT SELECT ON sadb.security_associations TO 'sadb_user'@'%';
\ No newline at end of file
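Review bot: The new `sadb_admin` account is created with the literal password `'sadb_admin_password'` and then granted `ALL PRIVILEGES ON sadb.*` at host `'%'`, so anyone who runs this example unchanged gets a full-privilege account with a published password that accepts connections from any host. Add a header comment such as `-- EXAMPLE ONLY: replace both passwords and narrow '%' to the hosts that need access before running`, and consider scoping the admin to `'sadb_admin'@'localhost'` in the DROP, CREATE and GRANT lines if administration is done on the database host. The three `sadb_user` grants can also be written as one statement, `GRANT SELECT, UPDATE (arsn, iv) ON sadb.security_associations TO 'sadb_user'@'%';`, which keeps the writable columns in one place. The table-wide `SELECT` presumably still lets `sadb_user` read every column of `security_associations`; if the client does not need all of them, a column list on that grant would tighten it further.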