Set up basic database security with role-based access control and Row-Level Security (RLS) for the LEGO database.
Your Tasks:
1. Create Database Role and Permissions
Create a new database role called theme_analyst with the following permissions:
SELECTpermissions on all reference tables:lego_themes,lego_colors,lego_parts,lego_part_categoriesSELECTpermissions on main data tables:lego_sets,lego_inventories,lego_inventory_parts- No
INSERT,UPDATE, orDELETEpermissions on any tables
2. Enable Row-Level Security
Enable RLS on the following tables:
lego_setslego_inventorieslego_inventory_parts
Requirements:
- Use
CREATE ROLEto create thetheme_analystrole - Use
GRANT SELECTstatements to assign the appropriate permissions - Use
ALTER TABLE ... ENABLE ROW LEVEL SECURITYto enable RLS on each table
Expected Outcome:
After completing these tasks:
- The
theme_analystrole should exist with read-only access to specified tables - Row-Level Security should be enabled (but not yet enforced with policies) on the three main data tables
- The role should have no write permissions on any table
This sets up the foundation for implementing theme-based data isolation policies.