Add note in README.md and enhancements to sql and functions.

README.md

@@ -1,2 +1,9 @@
 # c77_rbac
 A PostgreSQL extension for role-based access control (RBAC).
+
+## Setup for Cross-Schema Usage
+If applying `c77_rbac_apply_policy` to a table in a non-public schema, ensure the schema has `USAGE` permissions for the roles that will access it:
+
+```sql
+GRANT USAGE ON SCHEMA your_schema TO PUBLIC;
+GRANT SELECT, INSERT, UPDATE, DELETE ON your_schema.your_table TO PUBLIC;

schema.sql

@@ -98,3 +98,38 @@ BEGIN
     ON CONFLICT DO NOTHING;
 END;
 $$ LANGUAGE plpgsql;
+
+
+CREATE FUNCTION c77_rbac_can_access(
+    p_feature_name TEXT,
+    p_scope_type TEXT DEFAULT NULL,
+    p_scope_id TEXT DEFAULT NULL
+) RETURNS BOOLEAN AS $$
+BEGIN
+    RETURN EXISTS (
+        SELECT 1
+        FROM c77_rbac_users u
+                 JOIN c77_rbac_user_roles ur ON u.user_id = ur.user_id
+                 JOIN c77_rbac_roles r ON ur.role_id = r.role_id
+                 JOIN c77_rbac_role_features rf ON r.role_id = rf.role_id
+                 JOIN c77_rbac_features f ON rf.feature_id = f.feature_id
+        WHERE u.username = current_user
+          AND f.name = p_feature_name
+          AND (p_scope_type IS NULL OR u.scope_type = p_scope_type)
+          AND (p_scope_id IS NULL OR u.scope_id = p_scope_id)
+    );
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON c77_rbac_users TO PUBLIC;
+GRANT SELECT, INSERT, UPDATE, DELETE ON c77_rbac_roles TO PUBLIC;
+GRANT SELECT, INSERT, UPDATE, DELETE ON c77_rbac_user_roles TO PUBLIC;
+GRANT SELECT, INSERT, UPDATE, DELETE ON c77_rbac_features TO PUBLIC;
+GRANT SELECT, INSERT, UPDATE, DELETE ON c77_rbac_role_features TO PUBLIC;
+GRANT SELECT, INSERT, UPDATE, DELETE ON c77_rbac_entities TO PUBLIC;
+
+-- Grant permissions on functions
+GRANT EXECUTE ON FUNCTION c77_rbac_assign_user TO PUBLIC;
+GRANT EXECUTE ON FUNCTION c77_rbac_grant_feature TO PUBLIC;
+GRANT EXECUTE ON FUNCTION c77_rbac_can_access TO PUBLIC;
+