Re: Best practice to create a read-only user?
| От | Sergey Konoplev |
|---|---|
| Тема | Re: Best practice to create a read-only user? |
| Дата | |
| Msg-id | CAL_0b1s6uRoUURi+3t-Xi+K+NDcaB_shiD9+s=H8XVsQZcF+cQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Best practice to create a read-only user? (matthias ritzkowski <matthias@marlinmobile.com>) |
| Список | pgsql-admin |
On Fri, May 3, 2013 at 7:03 AM, matthias ritzkowski
<matthias@marlinmobile.com> wrote:
> What do people use day to day?
I usually set default privileges for user postgres like below and
create end users in particular roles, either role_ro for read only or
role_rw for read-write access. All the database objects one need the
default privileges to be applied to must be created with user
postgres.
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT SELECT ON SEQUENCES TO role_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT SELECT ON TABLES TO role_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT EXECUTE ON FUNCTIONS TO role_ro;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT SELECT,USAGE ON SEQUENCES TO role_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT SELECT,INSERT,DELETE,UPDATE ON TABLES TO role_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT EXECUTE ON FUNCTIONS TO role_rw;
--
Kind regards,
Sergey Konoplev
PostgreSQL Consultant and DBA
Profile: http://www.linkedin.com/in/grayhemp
Phone: USA +1 (415) 867-9984, Russia +7 (901) 903-0499, +7 (988) 888-1979
Skype: gray-hemp
Jabber: gray.ru@gmail.com
В списке pgsql-admin по дате отправления: