27 lines
1.1 KiB
SQL
27 lines
1.1 KiB
SQL
-- Role pro PostgREST anonymní přístup (read-only).
|
||
-- GRANT na views je v db/views/R__z_postgrest_ems_anon_grants.sql (Flyway je aplikuje až po R__vw_*).
|
||
|
||
DO $$ BEGIN
|
||
IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'ems_anon') THEN
|
||
CREATE ROLE ems_anon NOLOGIN;
|
||
END IF;
|
||
END $$;
|
||
|
||
GRANT USAGE ON SCHEMA ems TO ems_anon;
|
||
|
||
-- Read-only na tabulky (existují po V001–V008)
|
||
GRANT SELECT ON ems.market_interval_price TO ems_anon;
|
||
GRANT SELECT ON ems.planning_run TO ems_anon;
|
||
GRANT SELECT ON ems.planning_interval TO ems_anon;
|
||
GRANT SELECT ON ems.forecast_pv_interval TO ems_anon;
|
||
GRANT SELECT ON ems.forecast_pv_run TO ems_anon;
|
||
GRANT SELECT ON ems.operating_mode_def TO ems_anon;
|
||
GRANT SELECT ON ems.site_operating_mode TO ems_anon;
|
||
GRANT SELECT ON ems.site_operating_mode_log TO ems_anon;
|
||
GRANT SELECT ON ems.ev_session TO ems_anon;
|
||
GRANT SELECT ON ems.asset_vehicle TO ems_anon;
|
||
|
||
COMMENT ON ROLE ems_anon IS
|
||
'Anonymní role pro PostgREST. Read-only přístup na views a vybrané tabulky.
|
||
Zápisy jdou výhradně přes FastAPI backend který má vlastní DB connection.';
|