Re: Best practice to create a read-only user?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, May 3, 2013 at 7:03 AM, matthias ritzkowski
<matthias@xxxxxxxxxxxxxxxx> wrote:
> What do people use day to day?

I usually set default privileges for user postgres like below and
create end users in particular roles, either role_ro for read only or
role_rw for read-write access. All the database objects one need the
default privileges to be applied to must be created with user
postgres.

ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT SELECT ON SEQUENCES  TO role_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT SELECT ON TABLES  TO role_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT EXECUTE ON FUNCTIONS TO role_ro;

ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT SELECT,USAGE ON SEQUENCES  TO role_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT SELECT,INSERT,DELETE,UPDATE ON TABLES  TO role_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
    GRANT EXECUTE ON FUNCTIONS TO role_rw;

--
Kind regards,
Sergey Konoplev
PostgreSQL Consultant and DBA

Profile: http://www.linkedin.com/in/grayhemp
Phone: USA +1 (415) 867-9984, Russia +7 (901) 903-0499, +7 (988) 888-1979
Skype: gray-hemp
Jabber: gray.ru@xxxxxxxxx


-- 
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux