-- 普通用户
CREATE USER myapp WITH PASSWORD 'password';

-- 超级用户
CREATE USER admin WITH SUPERUSER PASSWORD 'admin_pass';

-- 带权限
CREATE USER developer WITH
    PASSWORD 'dev_pass'
    CREATEDB
    VALID UNTIL '2025-12-31';

-- 创建角色
CREATE ROLE readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;

-- 将角色授予用户
GRANT readonly TO myuser;

GRANT CONNECT ON DATABASE mydb TO myuser;
GRANT ALL PRIVILEGES ON DATABASE mydb TO admin;
REVOKE CONNECT ON DATABASE mydb FROM PUBLIC;

GRANT SELECT, INSERT, UPDATE ON users TO myapp;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO admin;
REVOKE INSERT, UPDATE ON sensitive_table FROM myapp;

ALTER TABLE users ENABLE ROW LEVEL SECURITY;

CREATE POLICY user_policy ON users
    FOR SELECT
    USING (id = current_user_id());