add supabase_read_only_user role

supabase · Mar 16, 2023 · e9e2d50 · e9e2d50
1 parent 2fe5cf5
commit e9e2d50
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/ansible/files/postgresql_config/supautils.conf.j2 b/ansible/files/postgresql_config/supautils.conf.j2
@@ -9,4 +9,4 @@ supautils.privileged_extensions_superuser = 'supabase_admin'
 supautils.privileged_role = 'postgres'
 supautils.privileged_role_allowed_configs = 'pgaudit.log, pgaudit.log_catalog, pgaudit.log_client, pgaudit.log_level, pgaudit.log_relation, pgaudit.log_rows, pgaudit.log_statement, pgaudit.log_statement_once, pgaudit.role, pgrst.*, session_replication_role, track_io_timing'
 supautils.reserved_memberships = 'pg_read_server_files, pg_write_server_files, pg_execute_server_program, authenticator'
-supautils.reserved_roles = 'supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_replication_admin, dashboard_user, pgbouncer, service_role*, authenticator*, authenticated*, anon*'
+supautils.reserved_roles = 'supabase_admin, supabase_auth_admin, supabase_storage_admin, supabase_read_only_user, supabase_replication_admin, dashboard_user, pgbouncer, service_role*, authenticator*, authenticated*, anon*'
diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl
@@ -1 +1 @@
-postgres-version = "15.1.0.54-rc0"
+postgres-version = "15.1.0.55"
diff --git a/migrations/db/init-scripts/00000000000000-initial-schema.sql b/migrations/db/init-scripts/00000000000000-initial-schema.sql
@@ -11,6 +11,10 @@ alter user  supabase_admin with superuser createdb createrole replication bypass
 -- Supabase replication user
 create user supabase_replication_admin with login replication;
 
+-- Supabase read-only user
+create role supabase_read_only_user with login bypassrls;
+grant pg_read_all_data to supabase_read_only_user;
+
 -- Extension namespacing
 create schema if not exists extensions;
 create extension if not exists "uuid-ossp"      with schema extensions;
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		postgres-version = "15.1.0.54-rc0"
		postgres-version = "15.1.0.55"