diff -r 34241be7db73 -r fcb452578142 setup/01_create_database.sql
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/setup/01_create_database.sql	Thu Apr 06 17:44:17 2017 +0200
@@ -0,0 +1,23 @@
+-- Create a database owner role, which has no login permissions.
+-- You can either:
+--   1) login as default user and switch the user
+--   2) decide to override this decision and give login permissions
+--   3) use your superuser of choice to manage the database (not recommended!)
+create role lightpit_dbo with password 'lpit_dbo_changeme';
+
+-- Create the actual (unprivileged) database user
+create user lightpit_user with password 'lpit_user_changeme';
+
+-- Create the LightPIT schema
+create schema lightpit authorization lightpit_dbo;
+
+
+-- Grant basic privileges to user (the granting user must be the dbo)
+alter default privileges for role lightpit_dbo in schema lightpit
+    grant select, insert, update, delete on tables to lightpit_user;
+alter default privileges for role lightpit_dbo in schema lightpit
+    grant usage, select on sequences to lightpit_user;
+alter default privileges for role lightpit_dbo in schema lightpit
+    grant execute on functions to lightpit_user;
+alter default privileges for role lightpit_dbo in schema lightpit
+    grant usage on types to lightpit_user;