feat: revoke supabase_*_admin from postgres

soedirgo · soedirgo · commit 4114665692fa · 2025-04-07T14:03:20.000+08:00
Prevents Auth, Storage, and Realtime schemas &amp; migrations from being modified
diff --git a/migrations/db/migrations/20250421084701_revoke_supabase_storage_admin_from_postgres.sql b/migrations/db/migrations/20250421084701_revoke_supabase_storage_admin_from_postgres.sql
@@ -0,0 +1,14 @@
+-- migrate:up
+revoke supabase_storage_admin from postgres;
+revoke create on schema storage from postgres;
+revoke all on storage.migrations from anon, authenticated, service_role, postgres;
+
+revoke supabase_auth_admin from postgres;
+revoke create on schema auth from postgres;
+revoke all on auth.schema_migrations from dashboard_user, postgres;
+
+revoke supabase_realtime_admin from postgres;
+revoke create on schema realtime from postgres;
+revoke all on schema_migrations from postgres, dashboard_user, anon, authenticated, service_role;
+
+-- migrate:down
diff --git a/migrations/tests/database/privs.sql b/migrations/tests/database/privs.sql
@@ -27,3 +27,4 @@ SELECT schema_privs_are('extensions', 'service_role', array['USAGE']);
 -- Role memberships
 SELECT is_member_of('pg_read_all_data', 'postgres');
 SELECT is_member_of('pg_signal_backend', 'postgres');
+SELECT isnt_member_of('supabase_storage_admin', 'postgres');
