added initial roadmap and implementation
This commit is contained in:
35
migrations/20260311000001_fix_storage_permissions.sql
Normal file
35
migrations/20260311000001_fix_storage_permissions.sql
Normal file
@@ -0,0 +1,35 @@
|
||||
DO $$
|
||||
BEGIN
|
||||
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'service_role') THEN
|
||||
CREATE ROLE service_role NOLOGIN;
|
||||
END IF;
|
||||
END
|
||||
$$;
|
||||
|
||||
ALTER ROLE service_role WITH BYPASSRLS;
|
||||
|
||||
GRANT USAGE ON SCHEMA storage TO service_role;
|
||||
GRANT ALL ON ALL TABLES IN SCHEMA storage TO service_role;
|
||||
GRANT ALL ON ALL SEQUENCES IN SCHEMA storage TO service_role;
|
||||
GRANT ALL ON ALL FUNCTIONS IN SCHEMA storage TO service_role;
|
||||
|
||||
-- Policies for service_role
|
||||
CREATE POLICY "Service role can do anything on buckets"
|
||||
ON storage.buckets
|
||||
FOR ALL
|
||||
TO service_role
|
||||
USING (true)
|
||||
WITH CHECK (true);
|
||||
|
||||
CREATE POLICY "Service role can do anything on objects"
|
||||
ON storage.objects
|
||||
FOR ALL
|
||||
TO service_role
|
||||
USING (true)
|
||||
WITH CHECK (true);
|
||||
|
||||
-- Also grant usage on public schema just in case
|
||||
GRANT USAGE ON SCHEMA public TO service_role;
|
||||
GRANT ALL ON ALL TABLES IN SCHEMA public TO service_role;
|
||||
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO service_role;
|
||||
GRANT ALL ON ALL FUNCTIONS IN SCHEMA public TO service_role;
|
||||
Reference in New Issue
Block a user