Don't think I can do this as this is AWS RDS?
On Mon, Jun 10, 2024 at 10:59 PM Norbert Poellmann <np@xxxxxx> wrote:
On Mon, Jun 10, 2024 at 12:09:14PM +1200, Edwin UY wrote:
> Hi,
>
> A role was created as below:
> CREATE ROLE [blah] WITH NOLOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE
> NOREPLICATION VALID UNTIL 'infinity';
>
> Doesn't the following SQLs supposed to give the role login access?
>
> ALTER ROLE [blah] WITH ENCRYPTED PASSWORD 'blahpassword' ;
> GRANT CONNECT ON DATABASE [blahdb] TO [blahuser] ;
>
> We're trying to take the minimalist approach for a user access to have
> access to only the tables he has created and only to a specific database
> and schema.
Hi,
I would suggest, additionally, the strictest doorman for your database
is a record in ${data_directory}/pg_hba.conf, example:
# TYPE DATABASE USER ADDRESS METHOD
hostssl blahdb blahuser 1.2.3.4/32 scram-sha-256
changes followed by a server reload.
cheers
Norbert Poellmann
>
> Regards,
> Ed