GRANT SELECT, INSERT, UPDATE, DELETE ON public.attendance TO authenticated;
GRANT ALL ON public.attendance TO service_role;

DROP POLICY IF EXISTS "Managers can update attendance" ON public.attendance;
CREATE POLICY "Managers can update attendance"
ON public.attendance
FOR UPDATE
TO authenticated
USING (public.has_any_role(auth.uid(), ARRAY['super_admin'::public.app_role, 'admin'::public.app_role, 'company_admin'::public.app_role, 'ops_manager'::public.app_role, 'supervisor'::public.app_role, 'security_officer'::public.app_role]));

DROP POLICY IF EXISTS "Managers can delete attendance" ON public.attendance;
CREATE POLICY "Managers can delete attendance"
ON public.attendance
FOR DELETE
TO authenticated
USING (public.has_any_role(auth.uid(), ARRAY['super_admin'::public.app_role, 'admin'::public.app_role, 'company_admin'::public.app_role, 'ops_manager'::public.app_role, 'supervisor'::public.app_role, 'security_officer'::public.app_role]));