Re: grant connect to all databases

On 10/5/24 07:13, Matt Zagrabelny wrote:
> Hi David (and others),
>
> Thanks for the info about Public.
>
> I should expound on my original email.
>
> In our dev and test environments our admins (alice, bob, eve) are
> superusers. In production environments we'd like the admins to be read-only.

What are the REVOKE and GRANT commands you use to achieve that?

>
> Is the Public role something I can leverage to achieve this desire?

You should read:

https://www.postgresql.org/docs/current/ddl-priv.html

From your original post:

"but I cannot connect to my database"

Was that due to a GRANT issue or a pg_hba.conf issue?

What was the actual complete error?

>
> Thanks for the help!
>
> -m
>
>
>
> On Sat, Oct 5, 2024 at 9:02 AM David G. Johnston
> <david(dot)g(dot)johnston(at)gmail(dot)com <mailto:david(dot)g(dot)johnston(at)gmail(dot)com>> wrote:
>
> On Saturday, October 5, 2024, Matt Zagrabelny <mzagrabe(at)d(dot)umn(dot)edu
> <mailto:mzagrabe(at)d(dot)umn(dot)edu>> wrote:
>
> Hello,
>
> I'd like to have a read-only user for all databases.
>
> I found the pg_read_all_data role predefined role, which I
> granted to my RO user:
>
> GRANT pg_read_all_data TO ro_user;
>
> ...but I cannot connect to my database(s).
>
> I'd like to not have to iterate over all the databases and
> "GRANT CONNECT...".
>
> Is there a way to do this with just one GRANT or equivalent command?
>
>
>
> The pseudo-role Public exists for just this kind of thing.  In fact,
> in a default installation it already is given connect privileges on
> all databases created by the bootstrap superuser.
>
> David J.
>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com