Re: Grant request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/17/20 1:24 PM, Ron Watkins wrote:
I have a Azure production server, and a group of users is requesting select permissions for all tables, views, sequences, etc. 
This is for all existing and all new objects in all schemas in the database.
I don't see any kind of "db_datareader" role. Suggestions?


First create a group role:

\c postgresql
CREATE ROLE db_datareader LOGIN INHERIT PASSWORD "random_horse";
GRANT CONNECT ON DATABASE somedb TO db_datareader;

\c somedb
GRANT USAGE ON SCHEMA public TO db_datareader;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO db_datareader;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO db_datareader;
GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA public TO db_datareader;
GRANT EXECUTE ON ALL ROUTINES IN SCHEMA public TO db_datareader;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO db_datareader; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON ROUTINES TO db_datareader; 

Then create a bunch of users in that role:
CREATE ROLE fred IN ROLE db_datareader LOGIN INHERIT PASSWORD 'blahblah' VALID UNTIL 'xyz'; CREATE ROLE wilma IN ROLE db_datareader LOGIN INHERIT PASSWORD 'snarf' VALID UNTIL 'xyz'; CREATE ROLE barney IN ROLE db_datareader LOGIN INHERIT PASSWORD 'foobar' VALID UNTIL 'xyz' CREATE ROLE betty IN ROLE db_datareader LOGIN INHERIT PASSWORD 'blarg' VALID UNTIL 'xyz'; 


--
Angular momentum makes the world go 'round.
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux