-- ============================================================
-- Supabase Core Roles & Schemas Initialization
-- Runs first (50-) to set up all roles required by later scripts
-- ============================================================
-- Create the supabase_admin role unless it already exists.
-- NOTE(review): the password below is a literal committed with this script, and
-- the same literal is reused for authenticator, pgbouncer and the three
-- supabase_*_admin roles created further down. Anyone who learns one service
-- credential therefore also holds the credential for this
-- CREATEROLE / REPLICATION / BYPASSRLS role. Supply a distinct secret per role
-- at deploy time and treat the value shown here as exposed (rotate it).
-- A CREATE ROLE ... PASSWORD statement can also end up in the server log in
-- clear text when statement logging is enabled.
DO $$
BEGIN
    IF NOT EXISTS (
        SELECT 1
        FROM pg_catalog.pg_roles
        WHERE rolname = 'supabase_admin'
    ) THEN
        CREATE ROLE supabase_admin WITH
            LOGIN
            CREATEROLE
            REPLICATION
            BYPASSRLS
            PASSWORD 'siqt3T9iHjWpjATtKdlBjJKOifiLf0Oe';
    END IF;
END
$$;
-- Create every standard Supabase role that later init scripts expect.
-- 56-roles.sql ALTERs these roles, so each one must exist beforehand.
-- Every CREATE ROLE is guarded so an existing role is left untouched.
-- NOTE(review): authenticator, pgbouncer and the supabase_*_admin roles all get
-- the same literal password, which is also the supabase_admin password. A
-- committed, shared secret means one disclosure covers every login role here;
-- use per-role secrets injected at deploy time and rotate the exposed value.
DO $$
BEGIN
    -- API roles: no direct login, no inherited privileges.
    IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = 'anon') THEN
        CREATE ROLE anon WITH NOLOGIN NOINHERIT;
    END IF;

    IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = 'authenticated') THEN
        CREATE ROLE authenticated WITH NOLOGIN NOINHERIT;
    END IF;

    -- service_role is not subject to row-level security policies (BYPASSRLS).
    IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = 'service_role') THEN
        CREATE ROLE service_role WITH NOLOGIN NOINHERIT BYPASSRLS;
    END IF;

    -- Login roles that authenticate with a password.
    IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = 'authenticator') THEN
        CREATE ROLE authenticator WITH
            NOINHERIT
            LOGIN
            PASSWORD 'siqt3T9iHjWpjATtKdlBjJKOifiLf0Oe';
    END IF;

    IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = 'pgbouncer') THEN
        CREATE ROLE pgbouncer WITH
            LOGIN
            PASSWORD 'siqt3T9iHjWpjATtKdlBjJKOifiLf0Oe';
    END IF;

    -- Per-service admin roles; each may create and alter roles (CREATEROLE).
    IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = 'supabase_auth_admin') THEN
        CREATE ROLE supabase_auth_admin WITH
            NOINHERIT
            CREATEROLE
            LOGIN
            PASSWORD 'siqt3T9iHjWpjATtKdlBjJKOifiLf0Oe';
    END IF;

    IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = 'supabase_storage_admin') THEN
        CREATE ROLE supabase_storage_admin WITH
            NOINHERIT
            CREATEROLE
            LOGIN
            PASSWORD 'siqt3T9iHjWpjATtKdlBjJKOifiLf0Oe';
    END IF;

    IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = 'supabase_functions_admin') THEN
        CREATE ROLE supabase_functions_admin WITH
            NOINHERIT
            CREATEROLE
            LOGIN
            PASSWORD 'siqt3T9iHjWpjATtKdlBjJKOifiLf0Oe';
    END IF;

    -- NOTE(review): LOGIN + REPLICATION with no password set here. Whether this
    -- role can connect depends on the pg_hba.conf method that matches it;
    -- confirm no trust rule is reachable for it.
    IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = 'supabase_replication_admin') THEN
        CREATE ROLE supabase_replication_admin WITH LOGIN REPLICATION;
    END IF;

    -- No LOGIN attribute is given, so this role cannot log in by itself.
    -- NOTE(review): BYPASSRLS on a "read only" role means row-level security
    -- policies do not filter what it reads; confirm that is intended.
    IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = 'supabase_read_only_user') THEN
        CREATE ROLE supabase_read_only_user WITH BYPASSRLS;
    END IF;
END
$$;
-- pg_read_server_files membership for supabase_admin (required by the pg_net
-- extension). Members of this predefined role can read any file the database
-- server process can access, so the supabase_admin credential also guards
-- server-side file reads.
GRANT pg_read_server_files
    TO supabase_admin;

-- Core grants.
-- supabase_admin gets every database-level privilege on postgres and may pass
-- them on to other roles.
GRANT ALL PRIVILEGES
    ON DATABASE postgres
    TO supabase_admin
    WITH GRANT OPTION;

-- authenticator is created NOINHERIT, so it only gains these roles' privileges
-- by switching to them with SET ROLE. service_role is BYPASSRLS, which makes
-- the authenticator credential sufficient to reach a role that ignores
-- row-level security.
GRANT anon,
      authenticated,
      service_role
    TO authenticator;

-- supabase_admin becomes a member of each per-service admin role.
GRANT supabase_auth_admin,
      supabase_storage_admin,
      supabase_functions_admin
    TO supabase_admin;
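-- Create the _supabase database for internal Supabase services.
-- PostgreSQL has no CREATE DATABASE IF NOT EXISTS, and CREATE DATABASE cannot
-- run inside a DO block, so the statement text is produced only when the
-- database is missing and then executed by psql's \gexec. A re-run of this
-- script therefore no longer fails here, matching the guarded role and schema
-- creation in the rest of the file.
SELECT 'CREATE DATABASE _supabase WITH OWNER supabase_admin'
WHERE NOT EXISTS (
    SELECT 1
    FROM pg_catalog.pg_database
    WHERE datname = '_supabase'
)
\gexec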
-- Schemas required in the postgres database, owned by supabase_admin.
CREATE SCHEMA IF NOT EXISTS _supabase
    AUTHORIZATION supabase_admin;

CREATE SCHEMA IF NOT EXISTS extensions
    AUTHORIZATION supabase_admin;

-- Stub schemas: auth and storage are populated by the GoTrue and Storage
-- services at runtime, but they must already exist for 61-core-schema.sql to
-- pass validation.
-- No AUTHORIZATION clause is given, so both are owned by the role running this
-- script.
-- NOTE(review): only USAGE is granted below, which does not allow creating
-- objects in these schemas; presumably a later script grants CREATE or
-- transfers ownership to the service admin roles. Confirm.
CREATE SCHEMA IF NOT EXISTS auth;

CREATE SCHEMA IF NOT EXISTS storage;

GRANT USAGE
    ON SCHEMA auth
    TO supabase_admin,
       supabase_auth_admin;

GRANT USAGE
    ON SCHEMA storage
    TO supabase_admin,
       supabase_storage_admin;
-- Reconnect to the _supabase database; every statement from here on runs
-- there, not in postgres.
\c _supabase

-- Schema required inside _supabase, owned by supabase_admin.
CREATE SCHEMA IF NOT EXISTS _analytics
    AUTHORIZATION supabase_admin;