| From: | Sergey Konoplev <gray(dot)ru(at)gmail(dot)com> |
|---|---|
| To: | matthias ritzkowski <matthias(at)marlinmobile(dot)com> |
| Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Best practice to create a read-only user? |
| Date: | 2013-05-08 03:28:46 |
| Message-ID: | CAL_0b1s6uRoUURi+3t-Xi+K+NDcaB_shiD9+s=H8XVsQZcF+cQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Fri, May 3, 2013 at 7:03 AM, matthias ritzkowski
<matthias(at)marlinmobile(dot)com> wrote:
> What do people use day to day?
I usually set default privileges for user postgres like below and
create end users in particular roles, either role_ro for read only or
role_rw for read-write access. All the database objects one need the
default privileges to be applied to must be created with user
postgres.
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT SELECT ON SEQUENCES TO role_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT SELECT ON TABLES TO role_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT EXECUTE ON FUNCTIONS TO role_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT SELECT,USAGE ON SEQUENCES TO role_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT SELECT,INSERT,DELETE,UPDATE ON TABLES TO role_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT EXECUTE ON FUNCTIONS TO role_rw;
--
Kind regards,
Sergey Konoplev
PostgreSQL Consultant and DBA
Profile: http://www.linkedin.com/in/grayhemp
Phone: USA +1 (415) 867-9984, Russia +7 (901) 903-0499, +7 (988) 888-1979
Skype: gray-hemp
Jabber: gray(dot)ru(at)gmail(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Haifeng Liu | 2013-05-08 04:41:28 | How to prevent vacuum again and again on the unchanged tables? |
| Previous Message | Bhanu Murthy | 2013-05-07 17:07:08 | Re: [SQL] Encrypting PGBouncer to Postgres DB connections |