Create identity__user table CREATE TABLE identity__user ( id uuid PRIMARY KEY, tenant_id varchar(64) NOT NULL, username varchar(128) NOT NULL, display_name varchar(256) NOT NULL, email varchar(320), enabled boolean NOT NULL DEFAULT true, ext jsonb NOT NULL DEFAULT '{}'::jsonb, created_at timestamptz NOT NULL, created_by varchar(128) NOT NULL, updated_at timestamptz NOT NULL, updated_by varchar(128) NOT NULL, version bigint NOT NULL DEFAULT 0 ); CREATE UNIQUE INDEX identity__user_tenant_username_uk ON identity__user (tenant_id, username); CREATE INDEX identity__user_ext_gin ON identity__user USING GIN (ext jsonb_path_ops); DROP TABLE identity__user; Enable Row-Level Security on identity__user (advisory until RlsTransactionHook lands) ALTER TABLE identity__user ENABLE ROW LEVEL SECURITY; CREATE POLICY identity__user_tenant_isolation ON identity__user USING (tenant_id = current_setting('vibeerp.current_tenant', true)); DROP POLICY IF EXISTS identity__user_tenant_isolation ON identity__user; ALTER TABLE identity__user DISABLE ROW LEVEL SECURITY; Create identity__role table CREATE TABLE identity__role ( id uuid PRIMARY KEY, tenant_id varchar(64) NOT NULL, code varchar(64) NOT NULL, name varchar(256) NOT NULL, description text, ext jsonb NOT NULL DEFAULT '{}'::jsonb, created_at timestamptz NOT NULL, created_by varchar(128) NOT NULL, updated_at timestamptz NOT NULL, updated_by varchar(128) NOT NULL, version bigint NOT NULL DEFAULT 0 ); CREATE UNIQUE INDEX identity__role_tenant_code_uk ON identity__role (tenant_id, code); CREATE INDEX identity__role_ext_gin ON identity__role USING GIN (ext jsonb_path_ops); ALTER TABLE identity__role ENABLE ROW LEVEL SECURITY; CREATE POLICY identity__role_tenant_isolation ON identity__role USING (tenant_id = current_setting('vibeerp.current_tenant', true)); DROP TABLE identity__role; Create identity__user_role join table CREATE TABLE identity__user_role ( id uuid PRIMARY KEY, tenant_id varchar(64) NOT NULL, user_id uuid NOT NULL REFERENCES identity__user(id) ON DELETE CASCADE, role_id uuid NOT NULL REFERENCES identity__role(id) ON DELETE CASCADE, created_at timestamptz NOT NULL, created_by varchar(128) NOT NULL, updated_at timestamptz NOT NULL, updated_by varchar(128) NOT NULL, version bigint NOT NULL DEFAULT 0 ); CREATE UNIQUE INDEX identity__user_role_uk ON identity__user_role (tenant_id, user_id, role_id); ALTER TABLE identity__user_role ENABLE ROW LEVEL SECURITY; CREATE POLICY identity__user_role_tenant_isolation ON identity__user_role USING (tenant_id = current_setting('vibeerp.current_tenant', true)); DROP TABLE identity__user_role;