_/supabase/initdb.d/00-initial-schema.sql

-- (c) 2021 Supabase Inc.
-- license: https://github.com/supabase/supabase/blob/master/LICENSE
-- https://github.com/supabase/supabase/blob/30b9f748fe163420375244fa350e14bcfa235a3f/docker/volumes/db/init/00-initial-schema.sql

-- Set up reatime
-- create publication supabase_realtime; -- defaults to empty publication
create publication supabase_realtime;

-- Supabase super admin
create user supabase_admin;
alter user  supabase_admin with superuser createdb createrole replication bypassrls;

-- Extension namespacing
create SCHEMA IF NOT exists extensions;
create extension if not exists "uuid-ossp"      with schema extensions;
create extension if not exists pgcrypto         with schema extensions;
create extension if not exists pgjwt            with schema extensions;

-- Set up auth roles for the developer
create role anon                nologin noinherit;
create role authenticated       nologin noinherit; -- "logged in" user: web_user, app_user, etc
create role service_role        nologin noinherit bypassrls; -- allow developers to create JWT's that bypass their policies

create user authenticator noinherit;
grant anon              to authenticator;
grant authenticated     to authenticator;
grant service_role      to authenticator;
grant supabase_admin    to authenticator;

grant usage                     on schema public to postgres, anon, authenticated, service_role;
alter default privileges in schema public grant all on tables to postgres, anon, authenticated, service_role;
alter default privileges in schema public grant all on functions to postgres, anon, authenticated, service_role;
alter default privileges in schema public grant all on sequences to postgres, anon, authenticated, service_role;

-- Allow Extensions to be used in the API
grant usage                     on schema extensions to postgres, anon, authenticated, service_role;

-- Set up namespacing
alter user supabase_admin SET search_path TO public, extensions; -- don't include the "auth" schema

-- These are required so that the users receive grants whenever "supabase_admin" creates tables/function
alter default privileges for user supabase_admin in schema public grant all
    on sequences to postgres, anon, authenticated, service_role;
alter default privileges for user supabase_admin in schema public grant all
    on tables to postgres, anon, authenticated, service_role;
alter default privileges for user supabase_admin in schema public grant all
    on functions to postgres, anon, authenticated, service_role;

-- Set short statement/query timeouts for API roles
alter role anon set statement_timeout = '3s';
alter role authenticated set statement_timeout = '8s';
create supabase 2021-10-14 18:45:42 +09:00			`-- (c) 2021 Supabase Inc.`
			`-- license: https://github.com/supabase/supabase/blob/master/LICENSE`
			`-- https://github.com/supabase/supabase/blob/30b9f748fe163420375244fa350e14bcfa235a3f/docker/volumes/db/init/00-initial-schema.sql`

			`-- Set up reatime`
			`-- create publication supabase_realtime; -- defaults to empty publication`
			`create publication supabase_realtime;`

			`-- Supabase super admin`
			`create user supabase_admin;`
			`alter user supabase_admin with superuser createdb createrole replication bypassrls;`

			`-- Extension namespacing`
			`create SCHEMA IF NOT exists extensions;`
			`create extension if not exists "uuid-ossp" with schema extensions;`
			`create extension if not exists pgcrypto with schema extensions;`
			`create extension if not exists pgjwt with schema extensions;`

			`-- Set up auth roles for the developer`
			`create role anon nologin noinherit;`
			`create role authenticated nologin noinherit; -- "logged in" user: web_user, app_user, etc`
			`create role service_role nologin noinherit bypassrls; -- allow developers to create JWT's that bypass their policies`

			`create user authenticator noinherit;`
			`grant anon to authenticator;`
			`grant authenticated to authenticator;`
			`grant service_role to authenticator;`
			`grant supabase_admin to authenticator;`

			`grant usage on schema public to postgres, anon, authenticated, service_role;`
			`alter default privileges in schema public grant all on tables to postgres, anon, authenticated, service_role;`
			`alter default privileges in schema public grant all on functions to postgres, anon, authenticated, service_role;`
			`alter default privileges in schema public grant all on sequences to postgres, anon, authenticated, service_role;`

			`-- Allow Extensions to be used in the API`
			`grant usage on schema extensions to postgres, anon, authenticated, service_role;`

			`-- Set up namespacing`
			`alter user supabase_admin SET search_path TO public, extensions; -- don't include the "auth" schema`

			`-- These are required so that the users receive grants whenever "supabase_admin" creates tables/function`
			`alter default privileges for user supabase_admin in schema public grant all`
			`on sequences to postgres, anon, authenticated, service_role;`
			`alter default privileges for user supabase_admin in schema public grant all`
			`on tables to postgres, anon, authenticated, service_role;`
			`alter default privileges for user supabase_admin in schema public grant all`
			`on functions to postgres, anon, authenticated, service_role;`

			`-- Set short statement/query timeouts for API roles`
			`alter role anon set statement_timeout = '3s';`
			`alter role authenticated set statement_timeout = '8s';`