CREATE DATABASE kompass;

-- main kompass user
CREATE USER 'kompass'@'KOMPASS_DB_HOST' IDENTIFIED BY 'KOMPASS_DB_PASSWORD';
GRANT ALL PRIVILEGES ON kompass.* TO 'kompass'@'KOMPASS_DB_HOST';

-- pam user
CREATE USER 'pam'@'KOMPASS_DB_HOST' IDENTIFIED BY 'KOMPASS_DB_PAM_PASSWORD';
GRANT SELECT ON kompass.* TO 'pam'@'KOMPASS_DB_HOST';

-- TODO: allow for this more granular permission configuration
-- GRANT SELECT ON kompass.auth_user TO 'pam'@'KOMPASS_DB_HOST';
-- GRANT SELECT ON kompass.mailer_emailaddress TO 'pam'@'KOMPASS_DB_HOST';

-- querymail user
CREATE USER 'querymail'@'KOMPASS_DB_HOST' IDENTIFIED BY 'KOMPASS_DB_QUERYMAIL_PASSWORD';
GRANT SELECT on kompass.* TO 'querymail'@'KOMPASS_DB_HOST';

-- TODO: allow for this more granular permission configuration
-- GRANT SELECT (username, id) on kompass.auth_user TO 'querymail'@'KOMPASS_DB_HOST';
-- GRANT SELECT ON kompass.members_member_group TO 'querymail'@'KOMPASS_DB_HOST';
-- GRANT SELECT ON kompass.mailer_emailaddress_to_groups TO 'querymail'@'KOMPASS_DB_HOST';
-- GRANT SELECT ON kompass.members_member TO 'querymail'@'KOMPASS_DB_HOST';
-- GRANT SELECT ON kompass.mailer_emailaddress_to_groups TO 'querymail'@'KOMPASS_DB_HOST';
-- GRANT SELECT ON kompass.mailer_emailaddress_to_members TO 'querymail'@'KOMPASS_DB_HOST';
-- GRANT SELECT ON kompass.mailer_emailaddress TO 'querymail'@'KOMPASS_DB_HOST';

FLUSH PRIVILEGES;