36 lines
996 B
SQL
36 lines
996 B
SQL
DO $$
|
|
BEGIN
|
|
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'service_role') THEN
|
|
CREATE ROLE service_role NOLOGIN;
|
|
END IF;
|
|
END
|
|
$$;
|
|
|
|
ALTER ROLE service_role WITH BYPASSRLS;
|
|
|
|
GRANT USAGE ON SCHEMA storage TO service_role;
|
|
GRANT ALL ON ALL TABLES IN SCHEMA storage TO service_role;
|
|
GRANT ALL ON ALL SEQUENCES IN SCHEMA storage TO service_role;
|
|
GRANT ALL ON ALL FUNCTIONS IN SCHEMA storage TO service_role;
|
|
|
|
-- Policies for service_role
|
|
CREATE POLICY "Service role can do anything on buckets"
|
|
ON storage.buckets
|
|
FOR ALL
|
|
TO service_role
|
|
USING (true)
|
|
WITH CHECK (true);
|
|
|
|
CREATE POLICY "Service role can do anything on objects"
|
|
ON storage.objects
|
|
FOR ALL
|
|
TO service_role
|
|
USING (true)
|
|
WITH CHECK (true);
|
|
|
|
-- Also grant usage on public schema just in case
|
|
GRANT USAGE ON SCHEMA public TO service_role;
|
|
GRANT ALL ON ALL TABLES IN SCHEMA public TO service_role;
|
|
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO service_role;
|
|
GRANT ALL ON ALL FUNCTIONS IN SCHEMA public TO service_role;
|