Search Postgresql Archives

Group Roles with Inheritance

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,
I want to create three (group) roles.  The first one will be read-only, the second will add INSERT, and the third will add UPDATE and DELETE. 

Does the below look OK for this purpose or did I forget something?


/** role_r is read-only with SELECT and EXECUTE */
CREATE ROLE role_r;

GRANT USAGE ON SCHEMA <schema> TO role_r;

GRANT SELECT ON ALL TABLES IN SCHEMA <schema> TO role_r;

GRANT SELECT ON ALL SEQUENCES IN SCHEMA <schema> TO role_r;

GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA <schema> TO role_r;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
    GRANT SELECT ON TABLES TO role_r;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
    GRANT SELECT ON SEQUENCES TO role_r;


/** role_ra adds INSERT */
CREATE ROLE role_ra;
GRANT role_r TO role_ra;

GRANT INSERT ON ALL TABLES IN SCHEMA <schema> TO role_ra;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
    GRANT INSERT ON TABLES TO role_ra;


/** role_rawd adds UPDATE, DELETE */
CREATE ROLE role_rawd;
GRANT role_ra TO role_rawd;

GRANT INSERT ON ALL TABLES IN SCHEMA <schema> TO role_rawd;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
    GRANT UPDATE, DELETE ON TABLES TO role_rawd;


Thank you,


Igal Sapir
Lucee Core Developer
Lucee.org
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux