Summary
Similar to what was done as part of this PR is merged we'll have the configurable role name.
Context
OpenAEV now enforces tenant isolation at the database level via PostgreSQL RLS. At runtime, the application does SET ROLE <app_role> on every connection so that RLS policies apply (superusers bypass RLS). The Flyway migration (V5_06) grants privileges to this role and enables RLS policies, but does not create the role itself — that must be done at docker bootstrap before deployment.
DoD
Summary
Similar to what was done as part of this PR is merged we'll have the configurable role name.
Context
OpenAEV now enforces tenant isolation at the database level via PostgreSQL RLS. At runtime, the application does
SET ROLE <app_role>on every connection so that RLS policies apply (superusers bypass RLS). The Flyway migration (V5_06) grants privileges to this role and enables RLS policies, but does not create the role itself — that must be done at docker bootstrap before deployment.DoD