| From: | jian he <jian(dot)universality(at)gmail(dot)com> |
|---|---|
| To: | Marcos Pegoraro <marcos(at)f10(dot)com(dot)br> |
| Cc: | Hellen Jiang <hjiang(at)federatedwireless(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Read only user permission |
| Date: | 2023-08-24 05:54:26 |
| Message-ID: | CACJufxHb2VaXDUuCRe_DkLK_y=56a2K_3bReS9B8BPJxdW16Ag@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Aug 24, 2023 at 2:49 AM Marcos Pegoraro <marcos(at)f10(dot)com(dot)br> wrote:
>
> Have you tried grant pg_read_all_data to readonly ?
>
I tried. seems pg_read_all_data really means "read all data no matter what".
so you cannot grant pg_read_all_data then revoke certain schema privileges.
begin;
create user my_user login;
GRANT pg_read_all_data TO my_user;
create schema a;
create schema b;
create table a.a as select 1;
create table b.b as select 2;
revoke all PRIVILEGES on schema a, b from my_user CASCADE;
-- revoke all PRIVILEGES on schema a from my_user CASCADE;
revoke all PRIVILEGES on all tables in schema a,b from my_user CASCADE;
set role my_user;
table a.a;
table b.b;
rollback;
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adam Lee | 2023-08-24 07:24:29 | Re: [EXTERNAL] Oracle FDW version |
| Previous Message | Tushar Takate | 2023-08-24 05:38:39 | Re: PostgreSQL DB cluster migration from centos7/RHEL7/OEL7 to RHEL8 |