universe@2: -- Create a database owner role, which has no login permissions.
universe@2: -- You can either:
universe@2: --   1) login as default user and switch the user
universe@2: --   2) decide to override this decision and give login permissions
universe@2: --   3) use your superuser of choice to manage the database (not recommended!)
universe@2: create role lightpit_dbo with password 'lpit_dbo_changeme';
universe@2: 
universe@2: -- Create the actual (unprivileged) database user
universe@2: create user lightpit_user with password 'lpit_user_changeme';
universe@2: 
universe@2: -- Create the LightPIT schema
universe@2: create schema lightpit authorization lightpit_dbo;
universe@2: 
universe@2: 
universe@2: -- Grant basic privileges to user (the granting user must be the dbo)
universe@2: alter default privileges for role lightpit_dbo in schema lightpit
universe@2:     grant select, insert, update, delete on tables to lightpit_user;
universe@2: alter default privileges for role lightpit_dbo in schema lightpit
universe@2:     grant usage, select on sequences to lightpit_user;
universe@2: alter default privileges for role lightpit_dbo in schema lightpit
universe@2:     grant execute on functions to lightpit_user;
universe@2: alter default privileges for role lightpit_dbo in schema lightpit
universe@2:     grant usage on types to lightpit_user;