diff options
| author | sadbeast <sadbeast@sadbeast.com> | 2024-07-16 18:16:29 -0700 |
|---|---|---|
| committer | sadbeast <sadbeast@sadbeast.com> | 2024-10-05 16:40:55 -0700 |
| commit | 6bd24af2ffbea91db1b10a5d5258980ce2068c7f (patch) | |
| tree | 66634833f2d45260be5fcaf9111400eda12f03cc /src/db/database.sql | |
| download | teamdraft-6bd24af2ffbea91db1b10a5d5258980ce2068c7f.tar.gz teamdraft-6bd24af2ffbea91db1b10a5d5258980ce2068c7f.tar.bz2 | |
Diffstat (limited to 'src/db/database.sql')
| -rw-r--r-- | src/db/database.sql | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/src/db/database.sql b/src/db/database.sql new file mode 100644 index 0000000..91ca755 --- /dev/null +++ b/src/db/database.sql @@ -0,0 +1,64 @@ +\set rw_name :database_name '_rw' +\set ro_name :database_name '_ro' +\set password_role :database_name '_password' + +DROP SCHEMA IF EXISTS :schema CASCADE; +DROP DATABASE IF EXISTS :database_name; + +-- Uncomment for non-development environments +-- DROP ROLE IF EXISTS :owner; +-- CREATE ROLE :owner WITH LOGIN PASSWORD :'owner'; + +DROP ROLE IF EXISTS :password_role; +CREATE ROLE :password_role; +ALTER ROLE :password_role SET search_path TO :schema, pgsodium, public; + +GRANT ddl TO :owner; + +DROP ROLE IF EXISTS :rw_name; +CREATE ROLE :rw_name WITH LOGIN PASSWORD :'rw_name'; + +GRANT dml TO :rw_name; + +DROP ROLE IF EXISTS :ro_name; +CREATE ROLE :ro_name WITH LOGIN PASSWORD :'ro_name'; + +GRANT read_only TO :ro_name; + +ALTER ROLE :owner SET search_path TO :schema, public; +ALTER ROLE :rw_name SET search_path TO :schema, pgsodium, public; +ALTER ROLE :ro_name SET search_path TO :schema, public; + +CREATE DATABASE :database_name OWNER :owner; + +REVOKE CREATE ON SCHEMA public FROM PUBLIC; + +REVOKE ALL ON DATABASE :database_name FROM PUBLIC; + +GRANT CONNECT, TEMPORARY ON DATABASE :database_name TO ddl, dml, read_only; + +\c :database_name +CREATE EXTENSION pgsodium; +GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA pgsodium TO dml; + +SET ROLE :owner; + +CREATE SCHEMA :schema AUTHORIZATION :schema; + +GRANT USAGE, CREATE ON SCHEMA :schema TO ddl; + +GRANT USAGE ON SCHEMA :schema TO dml, read_only; + +REVOKE ALL ON DATABASE :database_name FROM PUBLIC; + +GRANT CONNECT, TEMPORARY ON DATABASE :database_name TO ddl, dml, read_only; + +ALTER DEFAULT PRIVILEGES IN SCHEMA :schema GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO dml; + +ALTER DEFAULT PRIVILEGES IN SCHEMA :schema GRANT SELECT ON TABLES TO read_only; + +ALTER DEFAULT PRIVILEGES IN SCHEMA :schema GRANT USAGE, SELECT ON SEQUENCES TO dml, read_only; + +ALTER DEFAULT PRIVILEGES IN SCHEMA :schema GRANT UPDATE ON SEQUENCES TO dml; + +ALTER DEFAULT PRIVILEGES IN SCHEMA :schema GRANT EXECUTE ON ROUTINES TO dml, read_only; |