| From: | Erik Wienhold <ewie(at)ewie(dot)name> |
|---|---|
| To: | Phani Prathyush Somayajula <phani(dot)somayajula(at)pragmaticplay(dot)com>, "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Restrict Write Users |
| Date: | 2023-06-20 12:05:53 |
| Message-ID: | 4796978.1031811.1687262753268@office.mailbox.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
> On 20/06/2023 13:23 CEST Phani Prathyush Somayajula <phani(dot)somayajula(at)pragmaticplay(dot)com> wrote:
>
> Is there a way to restrict write access to a user by restricting the user to
> have read-only on other databases on the instance. I’m using postgresql-14
> version
You should look into https://www.postgresql.org/docs/14/ddl-priv.html.
Start with a user that has no privileges and grant additional privileges as
necessary give read and/or write access. The user must not be the owner of
database objects, must not be a member of an owner role, and must not be
a superuser. Also check default privileges and privileges granted to PUBLIC.
But granting privileges in one database does not affect privileges in other
databases, except for role memberships because roles are not tied to a specific
database.
--
Erik
| From | Date | Subject | |
|---|---|---|---|
| Next Message | MichaelDBA | 2023-06-20 12:57:16 | Re: Restrict Write Users |
| Previous Message | Bhasker Bathini | 2023-06-20 11:33:10 | Why do i need to install set_user extension if i can directly grant all required privileges to user? |