By default, Tines requires that the Postgres user (DATABASE_USERNAME) has permissions to create a database and enable extensions. This is typically achieved by using a superuser. This way, Tines itself can a) create and own the database (DATABASE_NAME) during setup, and b) enable Postgres Extensions during initial setup and upgrades.
If you would like to run Tines using a less privileged Postgres user, you must make sure to a) manually create the database before setting up Tines, and b) install required Postgres extensions by hand on initial setup and any time new extensions become required by a new version per our release notes.
The following is an example SQL script for how this can be achieved:
-- Enable required extensions
-- Note: Please review release notes for new extensions when upgrading Tines
CREATE EXTENSION IF NOT EXISTS pg_trgm;
CREATE EXTENSION IF NOT EXISTS plpgsql;
-- Create a non-superuser user to use with the app.
-- This should match `DATABASE_USERNAME` and `DATABASE_PASSWORD`
CREATE USER tines_user WITH PASSWORD '<password-here>';
-- Create a database for Tines. It should match `DATABASE_NAME`
CREATE DATABASE tines_db;
-- Make the user the database owner so they get all required privileges
ALTER DATABASE tines_db OWNER TO tines_user;