CREATE TABLE capabilities (
    id UUID PRIMARY KEY,
    name TEXT UNIQUE NOT NULL,
    description TEXT
);

CREATE TABLE role_capabilities (
    role_id UUID NOT NULL REFERENCES roles(id),
    capability_id UUID NOT NULL REFERENCES capabilities(id),
    granted_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    revoked_at TIMESTAMPTZ,
    PRIMARY KEY (role_id, capability_id)
);