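-- Reusable provisioning script for Takeout SaaS PostgreSQL databases.
-- Execute with a superuser (e.g. postgres). Safe to re-run.
--
-- Must be run through psql: it relies on the \connect, \gexec and \set
-- meta-commands, which other clients do not understand.
--
-- Layout: one login role and one database per domain (app, identity,
-- dictionary, hangfire); each database is owned by its domain role.

-- Abort on the first error so a failed step is not followed by further
-- statements running against a half-provisioned server.
\set ON_ERROR_STOP on

-- ---------------------------------------------------------------------------
-- 1. Login roles
-- ---------------------------------------------------------------------------
-- NOTE(security): the passwords below are literals committed with the script,
-- so anyone who can read the repository knows them. Treat them as bootstrap
-- placeholders only and rotate them right after provisioning with a value from
-- a secret store (for example with psql's \password, which sends a hashed
-- value instead of cleartext). Because each CREATE ROLE only runs when the
-- role is missing, re-running this script never rotates an existing password.
-- Depending on the server's logging configuration, a cleartext PASSWORD clause
-- may also be written to the server log.
DO $$
BEGIN
    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_user') THEN
        CREATE ROLE app_user LOGIN PASSWORD 'AppUser112233';
    END IF;

    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'identity_user') THEN
        CREATE ROLE identity_user LOGIN PASSWORD 'IdentityUser112233';
    END IF;

    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'dictionary_user') THEN
        CREATE ROLE dictionary_user LOGIN PASSWORD 'DictionaryUser112233';
    END IF;

    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'hangfire_user') THEN
        CREATE ROLE hangfire_user LOGIN PASSWORD 'HangFire112233';
    END IF;
END
$$;

-- ---------------------------------------------------------------------------
-- 2. Databases
-- ---------------------------------------------------------------------------
-- CREATE DATABASE cannot be executed from a function or DO block, so the
-- "create if missing" check is written as a SELECT that yields the statement
-- text only when the database is absent; \gexec then runs each returned row
-- as its own top-level statement. When the database exists the SELECT returns
-- no rows and nothing is executed.

-- Business-domain database.
SELECT 'CREATE DATABASE takeout_app_db OWNER app_user ENCODING ''UTF8'''
WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_app_db')
\gexec
COMMENT ON DATABASE takeout_app_db IS 'Takeout SaaS 业务域数据库';

-- Identity-domain database.
SELECT 'CREATE DATABASE takeout_identity_db OWNER identity_user ENCODING ''UTF8'''
WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_identity_db')
\gexec
COMMENT ON DATABASE takeout_identity_db IS 'Takeout SaaS 身份域数据库';

-- Dictionary-domain database.
SELECT 'CREATE DATABASE takeout_dictionary_db OWNER dictionary_user ENCODING ''UTF8'''
WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_dictionary_db')
\gexec
COMMENT ON DATABASE takeout_dictionary_db IS 'Takeout SaaS 字典域数据库';

-- Scheduling / Hangfire database.
SELECT 'CREATE DATABASE takeout_hangfire_db OWNER hangfire_user ENCODING ''UTF8'''
WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_hangfire_db')
\gexec
COMMENT ON DATABASE takeout_hangfire_db IS 'Takeout SaaS 调度/Hangfire 数据库';

-- ---------------------------------------------------------------------------
-- 3. Privileges and default schema permissions
-- ---------------------------------------------------------------------------
-- Each section reconnects to one database and grants its domain role DML
-- rights on the public schema.
--
-- NOTE(review): GRANT ... ON ALL TABLES / ALL SEQUENCES only covers objects
-- that exist when the script runs. ALTER DEFAULT PRIVILEGES without FOR ROLE
-- applies to objects later created by the role executing this script (the
-- superuser), not to objects created by other roles; confirm that is the role
-- that will run migrations.
--
-- NOTE(security): nothing here revokes the privileges PostgreSQL gives PUBLIC
-- on a new database (CONNECT and TEMP), so every domain role can still connect
-- to the other domains' databases. If the domains are meant to be isolated,
-- revoke those PUBLIC privileges per database as a separate, deliberate change
-- after checking that no other role depends on them.

\connect takeout_app_db
GRANT CONNECT, TEMP ON DATABASE takeout_app_db TO app_user;
GRANT USAGE ON SCHEMA public TO app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_user;
GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO app_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO app_user;

\connect takeout_identity_db
GRANT CONNECT, TEMP ON DATABASE takeout_identity_db TO identity_user;
GRANT USAGE ON SCHEMA public TO identity_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO identity_user;
GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO identity_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO identity_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO identity_user;

\connect takeout_dictionary_db
GRANT CONNECT, TEMP ON DATABASE takeout_dictionary_db TO dictionary_user;
GRANT USAGE ON SCHEMA public TO dictionary_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO dictionary_user;
GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO dictionary_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO dictionary_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO dictionary_user;

\connect takeout_hangfire_db
GRANT CONNECT, TEMP ON DATABASE takeout_hangfire_db TO hangfire_user;
GRANT USAGE ON SCHEMA public TO hangfire_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO hangfire_user;
GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO hangfire_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO hangfire_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO hangfire_user;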