prskr/supabase-operator
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions
supabase-operator/assets/migrations/init-scripts/00000000000000-initial-schema.sql
Peter Kurfer 12090c913a
Some checks failed
E2E Tests / Run on Ubuntu (push) Failing after 20s
Details
Lint / Run on Ubuntu (push) Failing after 3m45s
Details
Tests / Run on Ubuntu (push) Failing after 16m8s
Details
feat(db): prepare migrations and core CRD
2024-12-13 09:09:14 +01:00

57 lines
2.6 KiB
SQL
Raw Blame History

-- migrate:up
-- Set up realtime
-- defaults to empty publication
create publication supabase_realtime;
-- Supabase super admin
alter user supabase_admin with superuser createdb createrole replication bypassrls;
-- Supabase replication user
create user supabase_replication_admin with login replication;
-- Supabase read-only user
create role supabase_read_only_user with login bypassrls;
grant pg_read_all_data to supabase_read_only_user;
-- Extension namespacing
create schema if not exists extensions;
create extension if not exists "uuid-ossp" with schema extensions;
create extension if not exists pgcrypto with schema extensions;
create extension if not exists pgjwt with schema extensions;
-- Set up auth roles for the developer
create role anon nologin noinherit;
create role authenticated nologin noinherit; -- "logged in" user: web_user, app_user, etc
create role service_role nologin noinherit bypassrls; -- allow developers to create JWT's that bypass their policies
create user authenticator noinherit;
grant anon to authenticator;
grant authenticated to authenticator;
grant service_role to authenticator;
grant supabase_admin to authenticator;
grant usage on schema public to postgres, anon, authenticated, service_role;
alter default privileges in schema public grant all on tables to postgres, anon, authenticated, service_role;
alter default privileges in schema public grant all on functions to postgres, anon, authenticated, service_role;
alter default privileges in schema public grant all on sequences to postgres, anon, authenticated, service_role;
-- Allow Extensions to be used in the API
grant usage on schema extensions to postgres, anon, authenticated, service_role;
-- Set up namespacing
alter user supabase_admin SET search_path TO public, extensions; -- don't include the "auth" schema
-- These are required so that the users receive grants whenever "supabase_admin" creates tables/function
alter default privileges for user supabase_admin in schema public grant all
on sequences to postgres, anon, authenticated, service_role;
alter default privileges for user supabase_admin in schema public grant all
on tables to postgres, anon, authenticated, service_role;
alter default privileges for user supabase_admin in schema public grant all
on functions to postgres, anon, authenticated, service_role;
-- Set short statement/query timeouts for API roles
alter role anon set statement_timeout = '3s';
alter role authenticated set statement_timeout = '8s';
-- migrate:down
Reference in a new issue View git blame Copy permalink