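-- ============================================================================
-- Per-Module Database Users
-- ============================================================================
-- Creates isolated database users for each StellaOps module.
-- This enables least-privilege access control and audit trail per module.
--
-- Password format: {module}_dev (for development only)
-- In production, use secrets management and rotate credentials.
--
-- Operator notes:
--   * The script is idempotent: a role that already exists is skipped rather
--     than raising "role already exists", so the file can be re-applied.
--   * Roles are created with their restrictive attributes spelled out
--     (NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS). These
--     are the server defaults, made explicit so the least-privilege intent is
--     visible in review and survives a later edit.
--   * A password literal inside CREATE ROLE can be written to the server log
--     when statement logging is on, and how it is stored depends on the
--     password_encryption setting (scram-sha-256 is the one to prefer). Both
--     are reasons not to reuse this pattern with real credentials.
--   * Only role names are echoed via RAISE NOTICE; no password is logged by
--     this script.
-- ============================================================================

DO $$
DECLARE
    -- Single source of truth for the module list. Each entry yields a role
    -- named {module}_user with password {module}_dev, so adding a module is a
    -- one-line change and the summary notice below cannot drift from it.
    modules CONSTANT text[] := ARRAY[
        -- Core Platform
        'authority',
        -- Data Ingestion
        'concelier',
        'excititor',
        -- Scanning & Analysis
        'scanner',
        -- Scheduling & Orchestration
        'scheduler',
        'taskrunner',
        -- Policy & Risk
        'policy',
        'unknowns',
        -- Artifacts & Evidence
        'attestor',
        'signer',
        -- Notifications
        'notify',
        -- Signals & Observability
        'signals',
        -- Registry
        'packs'
    ];
    module_name   text;
    role_name     text;
    created_roles text[] := '{}';
    skipped_roles text[] := '{}';
BEGIN
    FOREACH module_name IN ARRAY modules LOOP
        role_name := module_name || '_user';

        -- Skip instead of failing so the script can be re-run safely.
        IF EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = role_name) THEN
            skipped_roles := skipped_roles || role_name;
            CONTINUE;
        END IF;

        -- %I quotes the identifier and %L the literal, so a carelessly edited
        -- module entry cannot alter the shape of the statement.
        EXECUTE format(
            'CREATE ROLE %I WITH LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE '
            || 'NOREPLICATION NOBYPASSRLS PASSWORD %L',
            role_name,
            module_name || '_dev'
        );
        created_roles := created_roles || role_name;
    END LOOP;

    -- ------------------------------------------------------------------------
    -- Log created users (names only, never passwords)
    -- ------------------------------------------------------------------------
    RAISE NOTICE 'Created per-module database users:';
    RAISE NOTICE ' - %', array_to_string(created_roles, ', ');

    -- array_length() is NULL for an empty array, so this branch is skipped
    -- on a first run where nothing pre-existed.
    IF array_length(skipped_roles, 1) > 0 THEN
        RAISE NOTICE 'Already present, left unchanged: %', array_to_string(skipped_roles, ', ');
    END IF;
END $$;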