@tomei/sso 0.50.4 → 0.50.6

package/coverage/test-report.xml

@@ -1,129 +1,129 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<testExecutions version="1">
-  <file path="C:\Work\sso\__tests__\unit\components\login-user\login.spec.ts">
-    <testCase name="LoginUser init should initialize LoginUser with valid userId" duration="5"/>
-    <testCase name="LoginUser init should throw an error when user is not found" duration="20"/>
-    <testCase name="LoginUser checkSession should throw an error if session expired" duration="20"/>
-    <testCase name="LoginUser checkSession should refresh the session duration if session is valid" duration="2"/>
-    <testCase name="LoginUser shouldReleaseLock should return true if autoReleaseYN is &quot;Y&quot; and time difference is greater than minuteToAutoRelease" duration="2"/>
-    <testCase name="LoginUser shouldReleaseLock should return false if autoReleaseYN is &quot;Y&quot; and time difference is less than or equal to minuteToAutoRelease" duration="1"/>
-    <testCase name="LoginUser shouldReleaseLock should return false if autoReleaseYN is &quot;N&quot;" duration="1"/>
-    <testCase name="LoginUser releaseLock should release the lock for a user" duration="1"/>
-    <testCase name="LoginUser checkUserInfoDuplicated should throw an error if duplicate user info is found" duration="1"/>
-    <testCase name="LoginUser checkUserInfoDuplicated should not throw an error if duplicate user info is not found" duration="0"/>
-    <testCase name="LoginUser generateDefaultPassword should generate a default password with the specified length" duration="2"/>
-    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one capital letter" duration="1"/>
-    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one number" duration="1"/>
-    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one special character" duration="1"/>
-    <testCase name="LoginUser generateDefaultPassword should generate a default password without any non-acceptable characters" duration="1"/>
-    <testCase name="LoginUser setPassword should set the password for the user" duration="159"/>
-    <testCase name="LoginUser setPassword should throw an error if the password does not meet the security requirements" duration="13"/>
-    <testCase name="LoginUser create should create a new user record" duration="5"/>
-    <testCase name="LoginUser create should throw an error if user dont have the privilege to create new user" duration="2"/>
-    <testCase name="LoginUser create should throw an error if user email is missing" duration="2"/>
-    <testCase name="LoginUser incrementFailedLoginAttemptCount should increment FailedLoginAttemptCount and update user status" duration="1"/>
-    <testCase name="LoginUser incrementFailedLoginAttemptCount should throw an error if maxFailedLoginAttempts or autoReleaseYN is missing" duration="1"/>
-    <testCase name="LoginUser incrementFailedLoginAttemptCount should lock the user account if the failed login attempts exceed the maximum allowed" duration="1"/>
-    <testCase name="LoginUser incrementFailedLoginAttemptCount should permanently lock the user account if the failed login attempts exceed the maximum allowed and autoReleaseYN is N" duration="1"/>
-    <testCase name="LoginUser combineSystemAccess should combine user and group system access and remove duplicates" duration="1"/>
-    <testCase name="LoginUser checkPrivileges should return true if user has the specified privilege" duration="1"/>
-    <testCase name="LoginUser checkPrivileges should return false if user does not have the specified privilege" duration="1"/>
-    <testCase name="LoginUser checkPrivileges should throw an error if ObjectId is not set" duration="1"/>
-    <testCase name="LoginUser getObjectPrivileges should return an array of privileges" duration="1"/>
-    <testCase name="LoginUser getObjectPrivileges should throw an error if an exception occurs" duration="1"/>
-    <testCase name="LoginUser getUserPersonalPrivileges should return an array of privileges" duration="2"/>
-    <testCase name="LoginUser getUserPersonalPrivileges should throw an error if an error occurs" duration="1"/>
-    <testCase name="LoginUser getInheritedSystemAccess should return group system access with its parent group system access if applicable" duration="3"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\system\system.spec.ts">
-    <testCase name="System init should initialize a system when SystemCode is provided" duration="3"/>
-    <testCase name="System init should throw an error when SystemCode is not found" duration="8"/>
-    <testCase name="System init should initialize a new system when SystemCode is not provided" duration="1"/>
-    <testCase name="System createSystem should create a new system" duration="4"/>
-    <testCase name="System createSystem should throw an error when user does not have permission" duration="1"/>
-    <testCase name="System createSystem should throw an error when SystemCode is missing" duration="1"/>
-    <testCase name="System createSystem should throw an error when Name is missing" duration="1"/>
-    <testCase name="System createSystem should throw an error when Description is missing" duration="1"/>
-    <testCase name="System createSystem should throw an error when failed to create system" duration="5"/>
-    <testCase name="System setSystemCode should set the SystemCode when there is no duplicate" duration="1"/>
-    <testCase name="System setSystemCode should throw an error when SystemCode already exists" duration="1"/>
-    <testCase name="System setSystemCode should throw an error when failed to check duplicate SystemCode" duration="1"/>
-    <testCase name="System findAll should find all systems based on filter" duration="2"/>
-    <testCase name="System findAll should find all systems without pagination when page and rows are not provided" duration="1"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\group-object-privilege\group-object-privilege.spec.ts">
-    <testCase name="GroupObjectPrivilege should create an instance of GroupObjectPrivilege" duration="2"/>
-    <testCase name="GroupObjectPrivilege should have the correct TableName" duration="0"/>
-    <testCase name="GroupObjectPrivilege should have the correct properties" duration="1"/>
-    <testCase name="GroupObjectPrivilege init should return an instance of GroupObjectPrivilege when GroupObjectPrivilegeId is provided" duration="2"/>
-    <testCase name="GroupObjectPrivilege init should throw an error when GroupObjectPrivilegeId is provided but no GroupObjectPrivilege is found" duration="3"/>
-    <testCase name="GroupObjectPrivilege init should return a new instance of GroupObjectPrivilege when GroupObjectPrivilegeId is not provided" duration="3"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\group-system-access\group-system-access.spec.ts">
-    <testCase name="GroupSystemAccess should create a new GroupSystemAccess instance" duration="2"/>
-    <testCase name="GroupSystemAccess init should initialize GroupSystemAccess without GroupSystemAccessId" duration="2"/>
-    <testCase name="GroupSystemAccess init should initialize GroupSystemAccess with GroupSystemAccessId" duration="3"/>
-    <testCase name="GroupSystemAccess init should throw an error if GroupSystemAccessId is not found" duration="5"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\group\group.spec.ts">
-    <testCase name="Group should initialize a group with valid GroupCode" duration="4"/>
-    <testCase name="Group should throw an error when initializing a group with invalid GroupCode" duration="5"/>
-    <testCase name="Group should throw an error when initializing a group with an error" duration="2"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\group-reporting-user\group-reporting-user.spec.ts">
-    <testCase name="GroupReportingUser init should initialize GroupReportingUser without GroupReportingUserId" duration="3"/>
-    <testCase name="GroupReportingUser init should initialize GroupReportingUser with valid GroupReportingUserId" duration="2"/>
-    <testCase name="GroupReportingUser init should throw ClassError when GroupReportingUser is not found" duration="8"/>
-    <testCase name="GroupReportingUser init should throw ClassError when failed to initialize GroupReportingUser" duration="1"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\system-privilege\system-privilege.spec.ts">
-    <testCase name="SystemPrivilege constructor should create a new SystemPrivilege instance" duration="2"/>
-    <testCase name="SystemPrivilege init should initialize SystemPrivilege without PrivilegeCode" duration="1"/>
-    <testCase name="SystemPrivilege init should initialize SystemPrivilege with PrivilegeCode" duration="2"/>
-    <testCase name="SystemPrivilege init should throw an error if PrivilegeCode is not found" duration="4"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\user-group\user-group.spec.ts">
-    <testCase name="UserGroup constructor should create a new UserGroup instance" duration="3"/>
-    <testCase name="UserGroup init should initialize UserGroup with valid UserGroupId" duration="2"/>
-    <testCase name="UserGroup init should throw ClassError when UserGroupId is not found" duration="5"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\user-object-privilege\user-object-privilege.spec.ts">
-    <testCase name="UserObjectPrivilege constructor should create a new UserObjectPrivilege instance" duration="2"/>
-    <testCase name="UserObjectPrivilege init should initialize UserObjectPrivilege with valid ObjectPrivilegeId" duration="5"/>
-    <testCase name="UserObjectPrivilege init should throw ClassError when ObjectPrivilegeId is not found" duration="4"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\group-privilege\group-privilege.spec.ts">
-    <testCase name="GroupPrivilege should initialize with GroupPrivilegeAttr" duration="6"/>
-    <testCase name="GroupPrivilege should throw ClassError when GroupPrivilegeAttr is not found" duration="4"/>
-    <testCase name="GroupPrivilege should initialize with default values" duration="1"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\user-system-access\user-system-access.spec.ts">
-    <testCase name="UserSystemAccess constructor should create a new UserSystemAccess instance" duration="2"/>
-    <testCase name="UserSystemAccess init should initialize UserSystemAccess with valid UserSystemAccessId" duration="2"/>
-    <testCase name="UserSystemAccess init should throw ClassError when UserSystemAccessId is not found" duration="1"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\user-privilege\user-privilege.spec.ts">
-    <testCase name="UserPrivilege constructor should create a new UserPrivilege instance" duration="2"/>
-    <testCase name="UserPrivilege init should initialize UserPrivilege with valid UserPrivilegeId" duration="2"/>
-    <testCase name="UserPrivilege init should throw ClassError when UserPrivilegeId is not found" duration="4"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\session\session.service.spec.ts">
-    <testCase name="session.service should return session service when instansiated" duration="2"/>
-    <testCase name="session.service should able to write session data" duration="3"/>
-    <testCase name="session.service should able to refresh session data" duration="3"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\system-privilege\system-privilage.spec.ts">
-    <testCase name="SystemPrivilege should be true" duration="2"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\password-hash\password-hash.service.spec.ts">
-    <testCase name="password-hash.service should return hash password" duration="2"/>
-    <testCase name="password-hash.service should return true when verify password" duration="1"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\redis-client\redis.service.spec.ts">
-    <testCase name="redis.service should return redis service when instansiated" duration="1"/>
-    <testCase name="redis.service should able to write and read redis" duration="2"/>
-  </file>
-  <file path="C:\Work\sso\__tests__\unit\components\login-user\l.spec.ts">
-    <testCase name="SystemPrivilege should be true" duration="1"/>
-  </file>
+<?xml version="1.0" encoding="UTF-8"?>
+<testExecutions version="1">
+  <file path="C:\Work\sso\__tests__\unit\components\login-user\login.spec.ts">
+    <testCase name="LoginUser init should initialize LoginUser with valid userId" duration="5"/>
+    <testCase name="LoginUser init should throw an error when user is not found" duration="20"/>
+    <testCase name="LoginUser checkSession should throw an error if session expired" duration="20"/>
+    <testCase name="LoginUser checkSession should refresh the session duration if session is valid" duration="2"/>
+    <testCase name="LoginUser shouldReleaseLock should return true if autoReleaseYN is &quot;Y&quot; and time difference is greater than minuteToAutoRelease" duration="2"/>
+    <testCase name="LoginUser shouldReleaseLock should return false if autoReleaseYN is &quot;Y&quot; and time difference is less than or equal to minuteToAutoRelease" duration="1"/>
+    <testCase name="LoginUser shouldReleaseLock should return false if autoReleaseYN is &quot;N&quot;" duration="1"/>
+    <testCase name="LoginUser releaseLock should release the lock for a user" duration="1"/>
+    <testCase name="LoginUser checkUserInfoDuplicated should throw an error if duplicate user info is found" duration="1"/>
+    <testCase name="LoginUser checkUserInfoDuplicated should not throw an error if duplicate user info is not found" duration="0"/>
+    <testCase name="LoginUser generateDefaultPassword should generate a default password with the specified length" duration="2"/>
+    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one capital letter" duration="1"/>
+    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one number" duration="1"/>
+    <testCase name="LoginUser generateDefaultPassword should generate a default password with at least one special character" duration="1"/>
+    <testCase name="LoginUser generateDefaultPassword should generate a default password without any non-acceptable characters" duration="1"/>
+    <testCase name="LoginUser setPassword should set the password for the user" duration="159"/>
+    <testCase name="LoginUser setPassword should throw an error if the password does not meet the security requirements" duration="13"/>
+    <testCase name="LoginUser create should create a new user record" duration="5"/>
+    <testCase name="LoginUser create should throw an error if user dont have the privilege to create new user" duration="2"/>
+    <testCase name="LoginUser create should throw an error if user email is missing" duration="2"/>
+    <testCase name="LoginUser incrementFailedLoginAttemptCount should increment FailedLoginAttemptCount and update user status" duration="1"/>
+    <testCase name="LoginUser incrementFailedLoginAttemptCount should throw an error if maxFailedLoginAttempts or autoReleaseYN is missing" duration="1"/>
+    <testCase name="LoginUser incrementFailedLoginAttemptCount should lock the user account if the failed login attempts exceed the maximum allowed" duration="1"/>
+    <testCase name="LoginUser incrementFailedLoginAttemptCount should permanently lock the user account if the failed login attempts exceed the maximum allowed and autoReleaseYN is N" duration="1"/>
+    <testCase name="LoginUser combineSystemAccess should combine user and group system access and remove duplicates" duration="1"/>
+    <testCase name="LoginUser checkPrivileges should return true if user has the specified privilege" duration="1"/>
+    <testCase name="LoginUser checkPrivileges should return false if user does not have the specified privilege" duration="1"/>
+    <testCase name="LoginUser checkPrivileges should throw an error if ObjectId is not set" duration="1"/>
+    <testCase name="LoginUser getObjectPrivileges should return an array of privileges" duration="1"/>
+    <testCase name="LoginUser getObjectPrivileges should throw an error if an exception occurs" duration="1"/>
+    <testCase name="LoginUser getUserPersonalPrivileges should return an array of privileges" duration="2"/>
+    <testCase name="LoginUser getUserPersonalPrivileges should throw an error if an error occurs" duration="1"/>
+    <testCase name="LoginUser getInheritedSystemAccess should return group system access with its parent group system access if applicable" duration="3"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\system\system.spec.ts">
+    <testCase name="System init should initialize a system when SystemCode is provided" duration="3"/>
+    <testCase name="System init should throw an error when SystemCode is not found" duration="8"/>
+    <testCase name="System init should initialize a new system when SystemCode is not provided" duration="1"/>
+    <testCase name="System createSystem should create a new system" duration="4"/>
+    <testCase name="System createSystem should throw an error when user does not have permission" duration="1"/>
+    <testCase name="System createSystem should throw an error when SystemCode is missing" duration="1"/>
+    <testCase name="System createSystem should throw an error when Name is missing" duration="1"/>
+    <testCase name="System createSystem should throw an error when Description is missing" duration="1"/>
+    <testCase name="System createSystem should throw an error when failed to create system" duration="5"/>
+    <testCase name="System setSystemCode should set the SystemCode when there is no duplicate" duration="1"/>
+    <testCase name="System setSystemCode should throw an error when SystemCode already exists" duration="1"/>
+    <testCase name="System setSystemCode should throw an error when failed to check duplicate SystemCode" duration="1"/>
+    <testCase name="System findAll should find all systems based on filter" duration="2"/>
+    <testCase name="System findAll should find all systems without pagination when page and rows are not provided" duration="1"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\group-object-privilege\group-object-privilege.spec.ts">
+    <testCase name="GroupObjectPrivilege should create an instance of GroupObjectPrivilege" duration="2"/>
+    <testCase name="GroupObjectPrivilege should have the correct TableName" duration="0"/>
+    <testCase name="GroupObjectPrivilege should have the correct properties" duration="1"/>
+    <testCase name="GroupObjectPrivilege init should return an instance of GroupObjectPrivilege when GroupObjectPrivilegeId is provided" duration="2"/>
+    <testCase name="GroupObjectPrivilege init should throw an error when GroupObjectPrivilegeId is provided but no GroupObjectPrivilege is found" duration="3"/>
+    <testCase name="GroupObjectPrivilege init should return a new instance of GroupObjectPrivilege when GroupObjectPrivilegeId is not provided" duration="3"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\group-system-access\group-system-access.spec.ts">
+    <testCase name="GroupSystemAccess should create a new GroupSystemAccess instance" duration="2"/>
+    <testCase name="GroupSystemAccess init should initialize GroupSystemAccess without GroupSystemAccessId" duration="2"/>
+    <testCase name="GroupSystemAccess init should initialize GroupSystemAccess with GroupSystemAccessId" duration="3"/>
+    <testCase name="GroupSystemAccess init should throw an error if GroupSystemAccessId is not found" duration="5"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\group\group.spec.ts">
+    <testCase name="Group should initialize a group with valid GroupCode" duration="4"/>
+    <testCase name="Group should throw an error when initializing a group with invalid GroupCode" duration="5"/>
+    <testCase name="Group should throw an error when initializing a group with an error" duration="2"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\group-reporting-user\group-reporting-user.spec.ts">
+    <testCase name="GroupReportingUser init should initialize GroupReportingUser without GroupReportingUserId" duration="3"/>
+    <testCase name="GroupReportingUser init should initialize GroupReportingUser with valid GroupReportingUserId" duration="2"/>
+    <testCase name="GroupReportingUser init should throw ClassError when GroupReportingUser is not found" duration="8"/>
+    <testCase name="GroupReportingUser init should throw ClassError when failed to initialize GroupReportingUser" duration="1"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\system-privilege\system-privilege.spec.ts">
+    <testCase name="SystemPrivilege constructor should create a new SystemPrivilege instance" duration="2"/>
+    <testCase name="SystemPrivilege init should initialize SystemPrivilege without PrivilegeCode" duration="1"/>
+    <testCase name="SystemPrivilege init should initialize SystemPrivilege with PrivilegeCode" duration="2"/>
+    <testCase name="SystemPrivilege init should throw an error if PrivilegeCode is not found" duration="4"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\user-group\user-group.spec.ts">
+    <testCase name="UserGroup constructor should create a new UserGroup instance" duration="3"/>
+    <testCase name="UserGroup init should initialize UserGroup with valid UserGroupId" duration="2"/>
+    <testCase name="UserGroup init should throw ClassError when UserGroupId is not found" duration="5"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\user-object-privilege\user-object-privilege.spec.ts">
+    <testCase name="UserObjectPrivilege constructor should create a new UserObjectPrivilege instance" duration="2"/>
+    <testCase name="UserObjectPrivilege init should initialize UserObjectPrivilege with valid ObjectPrivilegeId" duration="5"/>
+    <testCase name="UserObjectPrivilege init should throw ClassError when ObjectPrivilegeId is not found" duration="4"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\group-privilege\group-privilege.spec.ts">
+    <testCase name="GroupPrivilege should initialize with GroupPrivilegeAttr" duration="6"/>
+    <testCase name="GroupPrivilege should throw ClassError when GroupPrivilegeAttr is not found" duration="4"/>
+    <testCase name="GroupPrivilege should initialize with default values" duration="1"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\user-system-access\user-system-access.spec.ts">
+    <testCase name="UserSystemAccess constructor should create a new UserSystemAccess instance" duration="2"/>
+    <testCase name="UserSystemAccess init should initialize UserSystemAccess with valid UserSystemAccessId" duration="2"/>
+    <testCase name="UserSystemAccess init should throw ClassError when UserSystemAccessId is not found" duration="1"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\user-privilege\user-privilege.spec.ts">
+    <testCase name="UserPrivilege constructor should create a new UserPrivilege instance" duration="2"/>
+    <testCase name="UserPrivilege init should initialize UserPrivilege with valid UserPrivilegeId" duration="2"/>
+    <testCase name="UserPrivilege init should throw ClassError when UserPrivilegeId is not found" duration="4"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\session\session.service.spec.ts">
+    <testCase name="session.service should return session service when instansiated" duration="2"/>
+    <testCase name="session.service should able to write session data" duration="3"/>
+    <testCase name="session.service should able to refresh session data" duration="3"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\system-privilege\system-privilage.spec.ts">
+    <testCase name="SystemPrivilege should be true" duration="2"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\password-hash\password-hash.service.spec.ts">
+    <testCase name="password-hash.service should return hash password" duration="2"/>
+    <testCase name="password-hash.service should return true when verify password" duration="1"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\redis-client\redis.service.spec.ts">
+    <testCase name="redis.service should return redis service when instansiated" duration="1"/>
+    <testCase name="redis.service should able to write and read redis" duration="2"/>
+  </file>
+  <file path="C:\Work\sso\__tests__\unit\components\login-user\l.spec.ts">
+    <testCase name="SystemPrivilege should be true" duration="1"/>
+  </file>
 </testExecutions>

package/create-sso-user.sql

@@ -1,40 +1,40 @@
-
--- example to create sso-user
-CREATE USER 'sso_user'@'environment' IDENTIFIED BY 'password';
-
--- example to grant neccesary access to run migration
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_authorization_codes TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_bearer_tokens TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_building_types  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_buildings  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_cities TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_companies  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_countries TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_departments  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_grouproleprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemaccess  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_oauth_tokens  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_roles  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_sequelize_meta  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_staff_types  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_staffs  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_states  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_system_accesses  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemroleprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systems  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_updated_history  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_user_roles  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usergroup  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_users  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usersystemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usersystemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_UserUserGroup  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production._prisma_migrations  TO 'sso_user'@'localhost' WITH GRANT OPTION;
-
-
--- Grant user to create, alter, drop, references on the database (required for creating shadow tables)
+
+-- example to create sso-user
+CREATE USER 'sso_user'@'environment' IDENTIFIED BY 'password';
+
+-- example to grant neccesary access to run migration
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_authorization_codes TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_bearer_tokens TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_building_types  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_buildings  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_cities TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_companies  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_countries TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_departments  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_grouproleprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemaccess  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_groupsystemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_oauth_tokens  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_roles  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_sequelize_meta  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_staff_types  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_staffs  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_states  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_system_accesses  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systemroleprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_systems  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_updated_history  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_user_roles  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usergroup  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_users  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usersystemprivilege  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_usersystemrole  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production.sso_UserUserGroup  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES on production._prisma_migrations  TO 'sso_user'@'localhost' WITH GRANT OPTION;
+
+
+-- Grant user to create, alter, drop, references on the database (required for creating shadow tables)
 GRANT CREATE, ALTER, DROP, REFERENCES ON shadow_database.* TO 'sso_user'@'localhost' WITH GRANT OPTION;