OpenBankProject
diff --git a/‎obp-api/src/main/scripts/sql/OIDC/cre_v_oidc_clients.sql‎
Lines changed: 1 addition & 0 deletions b/‎obp-api/src/main/scripts/sql/OIDC/cre_v_oidc_clients.sql‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎obp-api/src/main/scripts/sql/OIDC/give_admin_access.sql‎
Lines changed: 21 additions & 0 deletions b/‎obp-api/src/main/scripts/sql/OIDC/give_admin_access.sql‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎obp-api/src/main/scripts/sql/OIDC/give_read_access_to_obp_users.sql‎ b/‎obp-api/src/main/scripts/sql/OIDC/give_read_access_to_obp_users.sql‎
diff --git a/‎obp-api/src/main/scripts/sql/OIDC/give_read_access_to_obp_users_and_write_access_to_obp_consumers.sql‎ b/‎obp-api/src/main/scripts/sql/OIDC/give_read_access_to_obp_users_and_write_access_to_obp_consumers.sql‎
diff --git a/‎obp-api/src/main/scripts/sql/OIDC/give_read_access_to_users.sql‎
Lines changed: 16 additions & 0 deletions b/‎obp-api/src/main/scripts/sql/OIDC/give_read_access_to_users.sql‎
Lines changed: 16 additions & 0 deletions
@@ -34,6 +34,7 @@ ORDER BY client_name;
 COMMENT ON VIEW v_oidc_clients IS 'Read-only view of consumer table for OIDC service access. Only includes active consumers. Note: grant_types and scopes are hardcoded defaults - consider adding these fields to consumer table for full OIDC compliance.';
 
 -- Grant SELECT permission on the OIDC view (oidc_user - read-only access)
+-- not sure OIDC_USER needs this.
 GRANT SELECT ON v_oidc_clients TO :OIDC_USER;
 
 \echo 'OIDC clients view created successfully.'
@@ -0,0 +1,21 @@
+-- =============================================================================
+-- GIVE READ ACCESS TO OBP USERS AND WRITE ACCESS TO OBP CONSUMERS
+-- =============================================================================
+-- This orchestration script grants OIDC_ADMIN_USER read access to user-related views
+-- and full CRUD access to consumer/client management
+-- by including the necessary component scripts
+
+-- Include variable definitions and database connection
+\i set_and_connect.sql
+
+-- Create the OIDC users
+-- TODO check if we need both here.
+\i cre_OIDC_USER.sql
+\i cre_OIDC_ADMIN_USER.sql
+
+-- Create all three views (which include the necessary GRANT statements)
+\i cre_v_oidc_users.sql
+\i cre_v_oidc_clients.sql
+\i cre_v_oidc_admin_clients.sql
+
+\echo 'Bye from give_read_access_to_obp_users_and_write_access_to_obp_consumers.sql'
@@ -0,0 +1,16 @@
+-- =============================================================================
+-- GIVE READ ACCESS TO OBP USERS
+-- =============================================================================
+-- This orchestration script grants OIDC_USER read access to user-related views
+-- by including the necessary component scripts
+
+-- Include variable definitions and database connection
+\i set_and_connect.sql
+
+-- Create the OIDC user if it doesn't exist
+\i cre_OIDC_USER.sql
+
+-- Create the v_oidc_users view (which includes GRANT SELECT to OIDC_USER)
+\i cre_v_oidc_users.sql
+
+\echo 'Bye from give_read_access_to_obp_users.sql'