diff database/schema/messages.sql @ 55:40f64a96481f

Adjust database user arrangements and grant schema privs.
author David A. Holland
date Sun, 10 Apr 2022 19:36:29 -0400
parents 36d91dfe017f
children
--- a/database/schema/messages.sql	Sun Apr 10 17:41:24 2022 -0400
+++ b/database/schema/messages.sql	Sun Apr 10 19:36:29 2022 -0400
@@ -53,3 +53,16 @@
 -- uniqueness and to enable lookup.
 CREATE UNIQUE INDEX ON messages (pr, number_in_pr);
 CREATE UNIQUE INDEX ON attachments (msgid, number_in_msg);
+
+-- The raw mail queue is append-only except to admins.
+GRANT SELECT, INSERT, UPDATE, DELETE ON rawmail TO swallowtail_admin;
+GRANT INSERT ON rawmail TO swallowtail_writer;
+
+-- Messages and attachments are generically accessible, but we don't
+-- allow ordinary writers to modify them. (XXX: is that silly?)
+GRANT SELECT, INSERT, UPDATE, DELETE ON messages TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON attachments TO swallowtail_admin;
+GRANT SELECT, INSERT ON messages TO swallowtail_writer;
+GRANT SELECT, INSERT ON attachments TO swallowtail_writer;
+GRANT SELECT ON messages, attachments TO swallowtail_reader;
+GRANT SELECT ON messages, attachments TO swallowtail_public;
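Review bot: The final two GRANTs give swallowtail_public the same table-wide SELECT on messages and attachments as swallowtail_reader, so nothing in this file separates the public role from an authenticated reader. If any messages or attachments are meant to be non-public (not visible in this hunk, so this is an assumption), the public role should read through a filtered view or a row-level security policy rather than the base tables. Separately, swallowtail_writer gets INSERT without SELECT on rawmail, which (assuming PostgreSQL, as the unnamed `CREATE UNIQUE INDEX ON` suggests) makes `INSERT ... RETURNING` fail for that role. If the key columns are serial, the writer also needs `USAGE` on the backing sequences, and no such grant appears in the visible lines. The open `XXX` could be replaced with the rationale, e.g. `-- Writers may add messages and attachments but never edit or delete them; corrections go through an admin.`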