From a6cde07af0453dc64351fadcadcdb66a60628123 Mon Sep 17 00:00:00 2001
From: Christopher Kolstad <chriswk@getunleash.ai>
Date: Mon, 27 Nov 2023 08:55:03 +0100
Subject: [PATCH] Updated scripts to use owner (#5341)

See [Linear issue
2-1627](https://linear.app/unleash/issue/2-1627/db-permissions-update-docs-and-migration-guides).

Since we now use functions, we need more permissions than just GRANT ALL
PERMISSIONS ON DATBASE. In addition we need to be allowed to create
functions in the schema that's actually being used. This PR takes the
easy way out and say that we need OWNER privileges on the database. That
guarantees that we can do all we do in our migration scripts.

### Discussion points
We might encounter some pushback on this, if so, we'll need to say that
we need
`GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN <schema>` in addition to GRANT
ALL PRIVILEGES ON DATABASE, where <schema> is the schema selected in
their configuration.
---
 scripts/resetdatabase.sql                     | 3 +--
 website/docs/contributing/backend/overview.md | 8 +++-----
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/scripts/resetdatabase.sql b/scripts/resetdatabase.sql
index df251920a0..a1553f965f 100644
--- a/scripts/resetdatabase.sql
+++ b/scripts/resetdatabase.sql
@@ -1,3 +1,2 @@
 DROP DATABASE unleash;
-CREATE DATABASE unleash;
-GRANT ALL PRIVILEGES ON DATABASE unleash TO unleash_user;
+CREATE DATABASE unleash WITH OWNER unleash_user;
diff --git a/website/docs/contributing/backend/overview.md b/website/docs/contributing/backend/overview.md
index 085f525eed..d7afe61097 100644
--- a/website/docs/contributing/backend/overview.md
+++ b/website/docs/contributing/backend/overview.md
@@ -27,17 +27,15 @@ yarn dev
 
 To run and develop unleash, you need to have PostgreSQL database (PostgreSQL v14.x or newer) locally.
 
-Unleash currently also work with PostgreSQL v14+, but this might change in a future feature release, and we have stopped running automatic integration tests below PostgreSQL v12.
+Unleash currently also work with PostgreSQL v14+, but this might change in a future feature release, and we have stopped running automatic integration tests below PostgreSQL v12. The current recommendation is to use a role with Owner privileges since Unleash uses Postgres functions to simplify our database usage.
 
 ### Create a local unleash databases in postgres {#create-a-local-unleash-databases-in-postgres}
 
 ```bash
 $ psql postgres <<SQL
 CREATE USER unleash_user WITH PASSWORD 'password';
-CREATE DATABASE unleash;
-GRANT ALL PRIVILEGES ON DATABASE unleash to unleash_user;
-CREATE DATABASE unleash_test;
-GRANT ALL PRIVILEGES ON DATABASE unleash_test to unleash_user;
+CREATE DATABASE unleash WITH OWNER unleash_user;
+CREATE DATABASE unleash_test WITH OWNER unleash_user;
 ALTER DATABASE unleash_test SET timezone TO 'UTC';
 SQL
 ```