diff --git a/infra/local/init/postgres/01-init.sql b/infra/local/init/postgres/01-init.sql index ebccf5a..0f7a528 100644 --- a/infra/local/init/postgres/01-init.sql +++ b/infra/local/init/postgres/01-init.sql @@ -41,8 +41,17 @@ ALTER DEFAULT PRIVILEGES FOR ROLE audit_owner IN SCHEMA audit GRANT DELETE ON TABLES TO audit_archiver; -- ---------------------------------------------------------------- Dev convenience --- The default `portal` superuser bypasses these grants anyway, but --- granting the audit roles explicitly lets us test role-based access --- with `SET ROLE audit_writer;` etc. from a psql session against the --- dev DB. Production never grants all four to one user. -GRANT audit_owner, audit_writer, audit_reader, audit_archiver TO portal; +-- The dev superuser (created by Postgres from POSTGRES_USER, default +-- `portal` but overridable in infra/local/.env) bypasses these grants +-- anyway, but granting the audit roles explicitly lets us test +-- role-based access with `SET ROLE audit_writer;` etc. from a psql +-- session against the dev DB. +-- +-- `current_user` resolves at script execution time to whoever is +-- running the init SQL — i.e. the superuser created from POSTGRES_USER, +-- whatever its name happens to be. Hard-coding `portal` here was +-- wrong: it broke any setup where the contributor changed +-- POSTGRES_USER in their .env. +-- +-- Production never grants all four roles to one user. +GRANT audit_owner, audit_writer, audit_reader, audit_archiver TO current_user;