| From: | Matt Zagrabelny <mzagrabe(at)d(dot)umn(dot)edu> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: grant connect to all databases |
| Date: | 2024-10-05 14:13:59 |
| Message-ID: | CAOLfK3XOHnyWsLv_CdFAegWg1FgM3AK3WsO_r+rXSNjp8TQXcg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi David (and others),
Thanks for the info about Public.
I should expound on my original email.
In our dev and test environments our admins (alice, bob, eve) are
superusers. In production environments we'd like the admins to be read-only.
Is the Public role something I can leverage to achieve this desire?
Thanks for the help!
-m
On Sat, Oct 5, 2024 at 9:02 AM David G. Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>
wrote:
> On Saturday, October 5, 2024, Matt Zagrabelny <mzagrabe(at)d(dot)umn(dot)edu> wrote:
>
>> Hello,
>>
>> I'd like to have a read-only user for all databases.
>>
>> I found the pg_read_all_data role predefined role, which I granted to my
>> RO user:
>>
>> GRANT pg_read_all_data TO ro_user;
>>
>> ...but I cannot connect to my database(s).
>>
>> I'd like to not have to iterate over all the databases and "GRANT
>> CONNECT...".
>>
>> Is there a way to do this with just one GRANT or equivalent command?
>>
>
>
> The pseudo-role Public exists for just this kind of thing. In fact, in a
> default installation it already is given connect privileges on all
> databases created by the bootstrap superuser.
>
> David J.
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2024-10-05 15:27:21 | Re: grant connect to all databases |
| Previous Message | David G. Johnston | 2024-10-05 14:02:43 | Re: grant connect to all databases |