-- Set up reatime create publication supabase_realtime for all tables; -- Extension namespacing create schema extensions; create extension if not exists "uuid-ossp" with schema extensions; create extension if not exists pgcrypto with schema extensions; create extension if not exists pgjwt with schema extensions; -- Developer roles create role anon nologin noinherit; create role authenticated nologin noinherit; -- "logged in" user: web_user, app_user, etc create role service_role nologin noinherit bypassrls; -- allow developers to create JWT's that bypass their policies create user authenticator noinherit; grant anon to authenticator; grant authenticated to authenticator; grant service_role to authenticator; grant usage on schema public to postgres, anon, authenticated, service_role; alter default privileges in schema public grant all on tables to postgres, anon, authenticated, service_role; alter default privileges in schema public grant all on functions to postgres, anon, authenticated, service_role; alter default privileges in schema public grant all on sequences to postgres, anon, authenticated, service_role; alter role anon set statement_timeout = '3s'; alter role authenticated set statement_timeout = '8s'; ALTER ROLE postgres SET search_path = "$user", public, auth, extensions;