Group Roles with Inheritance

From: "Igal (at) Lucee(dot)org" <igal(at)lucee(dot)org>
To: pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Group Roles with Inheritance
Date: 2017-12-23 19:18:59
Message-ID: 429a9c34-af4f-2214-42f0-e641162645cd@lucee.org
Lists: pgsql-general

Hello,

I want to create three (group) roles.  The first one will be read-only,
the second will add INSERT, and the third will add UPDATE and DELETE.

Does the below look OK for this purpose or did I forget something?

/** role_r is read-only with SELECT and EXECUTE */
CREATE ROLE role_r;

GRANT USAGE ON SCHEMA <schema> TO role_r;

GRANT SELECT ON ALL TABLES IN SCHEMA <schema> TO role_r;

GRANT SELECT ON ALL SEQUENCES IN SCHEMA <schema> TO role_r;

GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA <schema> TO role_r;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
    GRANT SELECT ON TABLES TO role_r;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
    GRANT SELECT ON SEQUENCES TO role_r;

/** role_ra adds INSERT */
CREATE ROLE role_ra;
GRANT role_r TO role_ra;

GRANT INSERT ON ALL TABLES IN SCHEMA <schema> TO role_ra;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
    GRANT INSERT ON TABLES TO role_ra;

/** role_rawd adds UPDATE, DELETE */
CREATE ROLE role_rawd;
GRANT role_ra TO role_rawd;

GRANT UPDATE, DELETE ON ALL TABLES IN SCHEMA <schema> TO role_rawd;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
    GRANT UPDATE, DELETE ON TABLES TO role_rawd;

Thank you,

Igal Sapir
Lucee Core Developer
Lucee.org
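
One way to audit what each of the three group roles can actually do once the statements in the message have been run. This is an added example, not part of the original message. It assumes the schema is named app and uses a constructed probe table, app.acl_probe, that is created and rolled back inside a transaction.

```sql
-- Added example: audit the effective privileges of the three group roles.
-- Assumptions: the statements from the message were run with <schema> = app
-- (hypothetical name), by the same role that runs this script.
BEGIN;

-- Constructed probe table. It is created after ALTER DEFAULT PRIVILEGES, so
-- its grants come only from the default ACL, not from GRANT ... ON ALL TABLES.
CREATE TABLE app.acl_probe (id serial PRIMARY KEY, note text);

-- Effective table privileges per role. has_table_privilege() follows role
-- membership, so rights inherited via role_r -> role_ra -> role_rawd count.
SELECT r.rolname,
       p.priv,
       has_table_privilege(r.rolname, 'app.acl_probe', p.priv) AS allowed
FROM pg_roles AS r
CROSS JOIN unnest(ARRAY['SELECT', 'INSERT', 'UPDATE', 'DELETE']) AS p(priv)
WHERE r.rolname IN ('role_r', 'role_ra', 'role_rawd')
ORDER BY r.rolname, p.priv;

-- INSERT into a table with a serial column calls nextval(), which needs
-- USAGE (or UPDATE) on the sequence; SELECT alone does not allow nextval().
SELECT r.rolname,
       has_sequence_privilege(r.rolname, 'app.acl_probe_id_seq', 'USAGE')  AS seq_usage,
       has_sequence_privilege(r.rolname, 'app.acl_probe_id_seq', 'SELECT') AS seq_select
FROM pg_roles AS r
WHERE r.rolname IN ('role_r', 'role_ra', 'role_rawd')
ORDER BY r.rolname;

-- Default ACLs are stored per creating role (defaclrole): objects created in
-- the schema by any other role do not pick up these grants.
SELECT pg_get_userbyid(d.defaclrole) AS applies_to_objects_created_by,
       n.nspname                     AS schema_name,
       d.defaclobjtype               AS objtype,  -- r = table, S = sequence, f = function
       d.defaclacl                   AS acl
FROM pg_default_acl AS d
JOIN pg_namespace AS n ON n.oid = d.defaclnamespace
WHERE n.nspname = 'app';

ROLLBACK;
```

If tables in the schema are created by a role other than the one that ran ALTER DEFAULT PRIVILEGES, the defaults have to be set for that creator with ALTER DEFAULT PRIVILEGES FOR ROLE.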
