17 lines
477 B
MySQL
17 lines
477 B
MySQL
|
-- 001_viz_anon_role.sql
|
||
|
|
-- Creates the read-only role used by PostgREST as its anonymous identity.
|
||
|
|
-- Only granted on the public schema; never on tracksolid.* directly.
|
||
|
|
--
|
||
|
|
-- After running, set a login password out-of-band (do NOT commit):
|
||
|
|
-- ALTER ROLE viz_anon LOGIN PASSWORD '<generated>';
|
||
|
|
|
||
|
|
DO $$
|
||
|
|
BEGIN
|
||
|
|
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'viz_anon') THEN
|
||
|
|
CREATE ROLE viz_anon NOLOGIN;
|
||
|
|
END IF;
|
||
|
|
END
|
||
|
|
$$;
|
||
|
|
|
||
|
|
GRANT USAGE ON SCHEMA public TO viz_anon;
|