Add Cascadia reporter role for read-only access

schema/deploy/roles/cascadia/create.sql

@@ -3,11 +3,19 @@
 begin;
 
 create role "cascadia";
-grant "reporter" to "cascadia";
 
 grant "cascadia" to "consensus-genome-processor";
 
 comment on role "cascadia" is
     'For row-level access to Cascadia data';
 
+
+create role "reporter-cascadia";
+
+grant "cascadia" to "reporter-cascadia";
+grant "reporter" to "reporter-cascadia";
+
+comment on role "reporter-cascadia" is
+    'For row-level read access to Cascadia data';
+
 commit;

schema/revert/roles/cascadia/create.sql

@@ -3,5 +3,6 @@
 begin;
 
 drop role cascadia;
+drop role "reporter-cascadia";
 
 commit;

schema/verify/warehouse/consensus-genome/check-consensus-genome-rls.sql

@@ -61,7 +61,7 @@ begin
             (access_role is null and sample_id = other_sample_id)
     );
 
-    set local role cascadia;
+    set local role 'reporter-cascadia';
 
     assert 2 = (
         select count(*)

schema/verify/warehouse/genomic-sequence/check-genomic-sequence-rls.sql

@@ -59,7 +59,7 @@ begin
             (access_role::text = 'cascadia' and consensus_genome_id = other_consensus_genome_id)
     );
 
-    set local role cascadia;
+    set local role 'reporter-cascadia';
 
     assert 2 = (
         select count(*)

schema/verify/warehouse/sample/cascadia-rls-constraint.sql

@@ -17,7 +17,7 @@ begin
         where sample_id = sample_number
     );
 
-    set local role cascadia;
+    set local role 'reporter-cascadia';
 
     assert 1 = (
         select count(*)

schema/verify/warehouse/sequence-read-set/check-sequence-read-set-rls.sql

@@ -51,7 +51,7 @@ begin
             (access_role::text = 'cascadia' and sample_id = other_sample_id)
     );
 
-    set local role cascadia;
+    set local role 'reporter-cascadia';
 
     assert 2 = (
         select count(*)