fix(migration): grant app_user permissions on SNMP tables

The app_user role had no INSERT/UPDATE/DELETE on credential_profiles, snmp_profiles, or snmp_metrics — causing 'permission denied' when creating credential profiles or SNMP profiles from the UI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 07:59:35 -05:00
parent 7dc941e467
commit 1888f850af
3 changed files with 10 additions and 0 deletions
--- a/backend/alembic/versions/037_credential_profiles_table.py
+++ b/backend/alembic/versions/037_credential_profiles_table.py
@@ -66,6 +66,9 @@ def upgrade() -> None:
    conn.execute(
        sa.text("GRANT SELECT ON credential_profiles TO poller_user")
    )
+    conn.execute(
+        sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON credential_profiles TO app_user")
+    )


 def downgrade() -> None:
--- a/backend/alembic/versions/038_snmp_profiles_table.py
+++ b/backend/alembic/versions/038_snmp_profiles_table.py
@@ -652,6 +652,9 @@ def upgrade() -> None:
    conn.execute(
        sa.text("GRANT SELECT ON snmp_profiles TO poller_user")
    )
+    conn.execute(
+        sa.text("GRANT SELECT, INSERT, UPDATE, DELETE ON snmp_profiles TO app_user")
+    )

    # -- Seed 6 system profiles --------------------------------------------
    for profile in SEED_PROFILES:
--- a/backend/alembic/versions/040_snmp_metrics_hypertable.py
+++ b/backend/alembic/versions/040_snmp_metrics_hypertable.py
@@ -75,6 +75,10 @@ def upgrade() -> None:
        """)
    )

+    conn.execute(
+        sa.text("GRANT SELECT, INSERT ON snmp_metrics TO app_user")
+    )
+

 def downgrade() -> None:
    op.drop_table("snmp_metrics")