103 lines
4.8 KiB
SQL
103 lines
4.8 KiB
SQL
-- Reusable provisioning script for Takeout SaaS PostgreSQL databases.
|
|
-- Execute with a superuser (e.g. postgres). Safe to re-run.
|
|
|
|
DO $$
|
|
BEGIN
|
|
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_user') THEN
|
|
CREATE ROLE app_user LOGIN PASSWORD 'AppUser112233';
|
|
END IF;
|
|
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'identity_user') THEN
|
|
CREATE ROLE identity_user LOGIN PASSWORD 'IdentityUser112233';
|
|
END IF;
|
|
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'dictionary_user') THEN
|
|
CREATE ROLE dictionary_user LOGIN PASSWORD 'DictionaryUser112233';
|
|
END IF;
|
|
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'hangfire_user') THEN
|
|
CREATE ROLE hangfire_user LOGIN PASSWORD 'HangFire112233';
|
|
END IF;
|
|
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'logs_user') THEN
|
|
CREATE ROLE logs_user LOGIN PASSWORD 'Logs112233';
|
|
END IF;
|
|
END $$;
|
|
|
|
DO $$
|
|
BEGIN
|
|
IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_app_db') THEN
|
|
CREATE DATABASE takeout_app_db OWNER app_user ENCODING 'UTF8';
|
|
END IF;
|
|
END $$;
|
|
COMMENT ON DATABASE takeout_app_db IS 'Takeout SaaS 业务域数据库';
|
|
|
|
DO $$
|
|
BEGIN
|
|
IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_identity_db') THEN
|
|
CREATE DATABASE takeout_identity_db OWNER identity_user ENCODING 'UTF8';
|
|
END IF;
|
|
END $$;
|
|
COMMENT ON DATABASE takeout_identity_db IS 'Takeout SaaS 身份域数据库';
|
|
|
|
DO $$
|
|
BEGIN
|
|
IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_dictionary_db') THEN
|
|
CREATE DATABASE takeout_dictionary_db OWNER dictionary_user ENCODING 'UTF8';
|
|
END IF;
|
|
END $$;
|
|
COMMENT ON DATABASE takeout_dictionary_db IS 'Takeout SaaS 字典域数据库';
|
|
|
|
DO $$
|
|
BEGIN
|
|
IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_hangfire_db') THEN
|
|
CREATE DATABASE takeout_hangfire_db OWNER hangfire_user ENCODING 'UTF8';
|
|
END IF;
|
|
END $$;
|
|
COMMENT ON DATABASE takeout_hangfire_db IS 'Takeout SaaS 调度/Hangfire 数据库';
|
|
|
|
DO $$
|
|
BEGIN
|
|
IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_logs_db') THEN
|
|
CREATE DATABASE takeout_logs_db OWNER logs_user ENCODING 'UTF8';
|
|
END IF;
|
|
END $$;
|
|
COMMENT ON DATABASE takeout_logs_db IS 'Takeout SaaS 审计/日志数据库';
|
|
|
|
-- Ensure privileges and default schema permissions
|
|
\connect takeout_app_db
|
|
GRANT CONNECT, TEMP ON DATABASE takeout_app_db TO app_user;
|
|
GRANT USAGE ON SCHEMA public TO app_user;
|
|
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_user;
|
|
GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO app_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO app_user;
|
|
|
|
\connect takeout_identity_db
|
|
GRANT CONNECT, TEMP ON DATABASE takeout_identity_db TO identity_user;
|
|
GRANT USAGE ON SCHEMA public TO identity_user;
|
|
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO identity_user;
|
|
GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO identity_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO identity_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO identity_user;
|
|
|
|
\connect takeout_dictionary_db
|
|
GRANT CONNECT, TEMP ON DATABASE takeout_dictionary_db TO dictionary_user;
|
|
GRANT USAGE ON SCHEMA public TO dictionary_user;
|
|
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO dictionary_user;
|
|
GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO dictionary_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO dictionary_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO dictionary_user;
|
|
|
|
\connect takeout_hangfire_db
|
|
GRANT CONNECT, TEMP ON DATABASE takeout_hangfire_db TO hangfire_user;
|
|
GRANT USAGE ON SCHEMA public TO hangfire_user;
|
|
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO hangfire_user;
|
|
GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO hangfire_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO hangfire_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO hangfire_user;
|
|
|
|
\connect takeout_logs_db
|
|
GRANT CONNECT, TEMP ON DATABASE takeout_logs_db TO logs_user;
|
|
GRANT USAGE ON SCHEMA public TO logs_user;
|
|
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO logs_user;
|
|
GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO logs_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO logs_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO logs_user;
|