diff -r a89240b61819 -r 131903fc16b8 setup/postgres/psql_create_database.sql
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/setup/postgres/psql_create_database.sql	Sun Nov 26 16:51:57 2017 +0100
@@ -0,0 +1,27 @@
+-- Create a database owner role, which has no login permissions.
+-- You can either:
+--   1) login as default user and switch the user
+--   2) decide to override this decision and give login permissions
+--   3) use your superuser of choice to manage the database (not recommended!)
+create role lightpit_dbo with password 'lpit_dbo_changeme';
+
+-- Create the actual (unprivileged) database user
+create user lightpit_user with password 'lpit_user_changeme';
+
+-- Create the LightPIT schema
+create schema lightpit authorization lightpit_dbo;
+grant usage on schema lightpit to lightpit_user;
+
+-- Grant basic privileges to user (the granting user must be the dbo)
+alter default privileges for role lightpit_dbo in schema lightpit
+    grant select, insert, update, delete on tables to lightpit_user;
+alter default privileges for role lightpit_dbo in schema lightpit
+    grant usage, select on sequences to lightpit_user;
+alter default privileges for role lightpit_dbo in schema lightpit
+    grant execute on functions to lightpit_user;
+alter default privileges for role lightpit_dbo in schema lightpit
+    grant usage on types to lightpit_user;
+
+-- restrict the search path to the lightpit schema
+alter role lightpit_dbo set search_path to lightpit;
+alter role lightpit_user set search_path to lightpit;