-- Grant appropriate privileges on app_versions so authenticated users
-- can perform writes permitted by RLS policies and anonymous users can read.

-- Grant read access to anonymous (public) clients
GRANT SELECT ON public.app_versions TO anon;

-- Grant write privileges to authenticated role (RLS still applies)
GRANT SELECT, INSERT, UPDATE, DELETE ON public.app_versions TO authenticated;

-- Notes:
-- - Run this with a service_role or a superuser in the SQL editor.
-- - RLS policies still control which authenticated users may actually write.