refactor: 日志库拆分与清理用户审计

deploy/postgres/create_databases.sql

@@ -15,6 +15,9 @@ BEGIN
     IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'hangfire_user') THEN
         CREATE ROLE hangfire_user LOGIN PASSWORD 'HangFire112233';
     END IF;
+    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'logs_user') THEN
+        CREATE ROLE logs_user LOGIN PASSWORD 'Logs112233';
+    END IF;
 END $$;
 
 DO $$
@@ -49,6 +52,14 @@ BEGIN
 END $$;
 COMMENT ON DATABASE takeout_hangfire_db IS 'Takeout SaaS 调度/Hangfire 数据库';
 
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_logs_db') THEN
+        CREATE DATABASE takeout_logs_db OWNER logs_user ENCODING 'UTF8';
+    END IF;
+END $$;
+COMMENT ON DATABASE takeout_logs_db IS 'Takeout SaaS 审计/日志数据库';
+
 -- Ensure privileges and default schema permissions
 \connect takeout_app_db
 GRANT CONNECT, TEMP ON DATABASE takeout_app_db TO app_user;
@@ -81,3 +92,11 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO hangfire_
 GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO hangfire_user;
 ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO hangfire_user;
 ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO hangfire_user;
+
+\connect takeout_logs_db
+GRANT CONNECT, TEMP ON DATABASE takeout_logs_db TO logs_user;
+GRANT USAGE ON SCHEMA public TO logs_user;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO logs_user;
+GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO logs_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO logs_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO logs_user;