Allow schema tool grant option to only grant select to support read only access

[punktilious]

Is your feature request related to a problem? Please describe.
When using the --grant-to option, the schema tool applies SELECT,INSERT,UPDATE grants to tables and view as well as usage grants on sequences and exec on procedures. This gives the user the necessary permissions to ingest data as well as read/search data.

Describe the solution you'd like
Provide an additional grant option which instructs the schema tool to apply only read permissions thus preventing that user from being able to modify the database.

Describe alternatives you've considered
Manually apply the grants to the 1000+ objects we have in our schema.

Acceptance Criteria

1. GIVEN a provisioned FHIR data schema
   AND a valid database username or role
   WHEN the schema tool is run using --grant-to username --grant-read-only --grant-read-to username
   THEN the given username has only read access to the FHIR data schema.

Additional context
The target user does not necessarily have to be used as a datasource for an IBM FHIR Server. The user may be used by external systems wishing to query the IBM FHIR Server database directly.

For testing with the dev/test docker image, a new user can be added to PostgreSQL as follows:

docker exec -ti your-pg-container-name psql -d fhirdb -U postgres
CREATE USER fhirreader  WITH LOGIN encrypted password 'change-password';
GRANT CONNECT ON DATABASE fhirdb TO fhirreader;

Note: for production, follow the PostgreSQL documentation to create a secure user login configuration.

[punktilious]

Added --grant-read-to username option to schema tool. See schema tool user guide for details.

[lmsurpre]

I tried running the schema tool with the following options

--db-type postgresql
--prop-file postgresql.properties
--schema-name fhirdata
--update-schema
--grant-read-to fhirreader
--pool-size 1

but it failed with

Invalid SQL object name: 'null'
java.lang.IllegalArgumentException: Invalid SQL object name: 'null'
    at org.linuxforhealth.fhir.database.utils.common.DataDefinitionUtil.assertValidName(DataDefinitionUtil.java:152)
    at org.linuxforhealth.fhir.database.utils.postgres.PostgresAdapter.grantSchemaUsage(PostgresAdapter.java:489)
    at org.linuxforhealth.fhir.database.utils.common.PlainSchemaAdapter.grantSchemaUsage(PlainSchemaAdapter.java:151)
    at org.linuxforhealth.fhir.schema.app.Main.grantPrivilegesForFhirData(Main.java:1027)
    at org.linuxforhealth.fhir.schema.app.Main.grantReadPrivilegesForFhirData(Main.java:1014)
    at org.linuxforhealth.fhir.schema.app.Main.updateFhirSchema(Main.java:551)
    at org.linuxforhealth.fhir.schema.app.Main.updateSchemas(Main.java:445)
    at org.linuxforhealth.fhir.schema.app.Main.process(Main.java:1868)
    at org.linuxforhealth.fhir.schema.app.Main.main(Main.java:1993)

i tried removing the --update-schema but it failed in the same way.

it only seems to work if i pass both --grant-to user1 AND --grant-read-to user2.
thats not documented so i'll reopen this one

[lmsurpre]

After #3860, we are now able to invoke --grant-read-to (both with --update-schema and without it).
After granting read to a 'fhirreader' user and configuring the server to use this reader, I confirmed that we could perform searches against the database and that we were NOT able to insert.

"FHIRPersistenceDataAccessException: SQLException encountered while inserting Resource."

This was done just for QA...the main use of this utility is to create users outside of the FHIR Server that can read (but not write) to these tables.