Files
supabase/docker/dockerfiles/postgres/00-initial-schema.sql
Steve Chavez b0df1901c3 No access to public tables by default for anon
Users should explicitly grant privileges to `anon`(unauthenticated clients) if they want some db objects to be publicly accessed.

This caused confusion on https://github.com/supabase/supabase/discussions/1493. So the fix is to revoke default privileges for `anon`.
2021-05-11 11:28:50 -05:00

27 lines
1.2 KiB
SQL

-- Set up reatime
create publication supabase_realtime for all tables;
-- Extension namespacing
create schema extensions;
create extension if not exists "uuid-ossp" with schema extensions;
create extension if not exists pgcrypto with schema extensions;
create extension if not exists pgjwt with schema extensions;
-- Developer roles
create role anon nologin noinherit;
create role authenticated nologin noinherit; -- "logged in" user: web_user, app_user, etc
create role service_role nologin noinherit bypassrls; -- allow developers to create JWT's that bypass their policies
create user authenticator noinherit;
grant anon to authenticator;
grant authenticated to authenticator;
grant service_role to authenticator;
grant usage on schema public to postgres, anon, authenticated, service_role;
alter default privileges in schema public grant all on tables to postgres, authenticated, service_role;
alter default privileges in schema public grant all on functions to postgres, authenticated, service_role;
alter default privileges in schema public grant all on sequences to postgres, authenticated, service_role;