\connect kandimat_db

-- Create schema for kandimat_data
create SCHEMA kandimat_data;
create SCHEMA kandimat_data_privat;

-- create roles
create role kandimat_person;
create role kandimat_anonymous;
create role kandimat_editor;
create role kandimat_candidate;

grant kandimat_editor to kandimat_postgraphile;
grant kandimat_candidate to kandimat_postgraphile;
grant kandimat_person to kandimat_postgraphile, kandimat_candidate, kandimat_editor;
grant kandimat_anonymous to kandimat_postgraphile;

create type kandimat_data.role as enum (
    'kandimat_editor',
    'kandimat_candidate',
    'kandimat_person'
    );

-- set table wide permissions
grant usage on schema kandimat_data to kandimat_anonymous, kandimat_person;

-- make functions non executeable w/o further checks
alter default privileges revoke execute on functions from public;