Thread: PG Role : With Crud Operations without Drop DB user


PG Role : With Crud Operations without Drop DB user

From
venkatesh R
Date:

Hi All,

We have a use case where we need to create a user with a role to perform the crud operations, but it should not drop the databases with that user.

We have tried the below command and tried other permutations and combinations as well.

-- Replace placeholders with your values
CREATE USER developer WITH PASSWORD 'your_password';

CREATE ROLE developer_role;

GRANT USAGE ON SCHEMA public TO developer;

GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO developer_role;

GRANT developer_role TO developer;

REVOKE CREATE, DROP ON ALL TABLES IN SCHEMA public FROM developer;
REVOKE CREATE, DROP ON ALL SCHEMAS IN DATABASE your_database_name FROM developer;

ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO developer_role;
ALTER DEFAULT PRIVILEGES IN DATABASE your_database_name GRANT USAGE ON SCHEMAS TO developer_role;

Thanks in advance, please share your insights

The commands we used are still able to drop the database. Which it shouldn't do.

Is this possible in Postgres, we have tried all the commands.


Thanks

Venkat

Re: PG Role : With Crud Operations without Drop DB user

From
"David G. Johnston"
Date:
On Tue, Feb 27, 2024 at 8:30 PM venkatesh R <venkatesh.ramanujam007@gmail.com> wrote:

> REVOKE CREATE, DROP ON ALL TABLES IN SCHEMA public FROM developer;
> REVOKE CREATE, DROP ON ALL SCHEMAS IN DATABASE your_database_name FROM developer;

What exactly are you using here? There is no DROP permission and CREATE doesn't apply to tables.

> The commands we used are still able to drop the database. Which it shouldn't do.

I don't see either a create database nor a drop database command in that so it is hard to say where you are going wrong.  I suggest you write a self-contained psql script demonstrating explicitly the problematic behavior.  A randomly created role that is neither a superuser nor the database owner will be unable to drop a database.

> Is this possible in Postgres, we have tried all the commands.


Apparently including some that don't even exist...

Write a script, we don't care about permutations, choose your best guess, that doesn't have non-permission related errors i.e., no syntax problems or command not found.  Then ask why that script does or doesn't behave in some way surprising to you.

David J.
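
A self-contained psql script of the kind the reply asks for, added here as an illustration and not part of the original thread: it sets up a CRUD-only role and then checks that the role cannot create or drop tables or drop the database. The role names follow the first message; `app_db`, the `items` table and the password are placeholders, and the script assumes a superuser session and a maintenance database named `postgres`.

```sql
-- Added example: all names and the password are placeholders.
-- Run in psql as a superuser; statements marked "expected to fail" should error.
CREATE ROLE developer_role NOLOGIN;
CREATE ROLE developer LOGIN PASSWORD 'change_me'
  NOSUPERUSER NOCREATEDB NOCREATEROLE;
GRANT developer_role TO developer;

CREATE DATABASE app_db;          -- owner is the admin running this, not developer
\connect app_db

-- Schema level: USAGE to reach objects, no CREATE so no new tables.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;  -- PUBLIC holds CREATE here before PostgreSQL 15
GRANT USAGE ON SCHEMA public TO developer_role;

CREATE TABLE public.items (id int PRIMARY KEY, name text);

-- Table level: the four CRUD privileges on the tables that exist now.
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO developer_role;
-- Same privileges on tables created later by the role running this script.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
  GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO developer_role;

-- What decides DROP: superuser status and ownership, not a grantable privilege.
SELECT rolname, rolsuper, rolcreatedb FROM pg_roles WHERE rolname = 'developer';
SELECT datname, pg_get_userbyid(datdba) AS owner FROM pg_database WHERE datname = 'app_db';
SELECT tablename, tableowner FROM pg_tables WHERE schemaname = 'public';

SET ROLE developer;
INSERT INTO public.items VALUES (1, 'first');
UPDATE public.items SET name = 'renamed' WHERE id = 1;
SELECT * FROM public.items;
DELETE FROM public.items WHERE id = 1;
CREATE TABLE public.other (id int);   -- expected to fail: no CREATE on schema public
DROP TABLE public.items;              -- expected to fail: developer does not own the table
RESET ROLE;

\connect postgres
SET ROLE developer;
DROP DATABASE app_db;                 -- expected to fail: developer does not own the database
RESET ROLE;
```

If any of the three catalog queries shows `developer` as a superuser or as the owner of the database or table, the corresponding DROP will succeed regardless of the grants above.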