Discussion: PG Role : With Crud Operations without Drop DB user
Hi All,
We have a use case where we need to create a user with a role to perform the crud operations, but it should not drop the databases with that user.
We have tried the below command and tried other permutations and combinations as well.
-- Replace placeholders with your values
CREATE USER developer WITH PASSWORD 'your_password';
CREATE ROLE developer_role;
GRANT USAGE ON SCHEMA public TO developer;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO developer_role;
GRANT developer_role TO developer;
REVOKE CREATE, DROP ON ALL TABLES IN SCHEMA public FROM developer;
REVOKE CREATE, DROP ON ALL SCHEMAS IN DATABASE your_database_name FROM developer;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO developer_role;
ALTER DEFAULT PRIVILEGES IN DATABASE your_database_name GRANT USAGE ON SCHEMAS TO developer_role;
Thanks in advance, please share your insights
The commands we used are still able to drop the database, which it shouldn't do.
Is this possible in Postgres? We have tried all the commands.
Thanks
Venkat
On Tue, Feb 27, 2024 at 8:30 PM venkatesh R <venkatesh.ramanujam007@gmail.com> wrote:
> REVOKE CREATE, DROP ON ALL TABLES IN SCHEMA public FROM developer;
> REVOKE CREATE, DROP ON ALL SCHEMAS IN DATABASE your_database_name FROM developer;
What exactly are you using here? There is no DROP permission and CREATE doesn't apply to tables.
> The commands we used are still able to drop the database, which it shouldn't do.
I don't see either a create database or a drop database command in that, so it is hard to say where you are going wrong. I suggest you write a self-contained psql script demonstrating explicitly the problematic behavior. A randomly created role that is neither a superuser nor the database owner will be unable to drop a database.
> Is this possible in Postgres? We have tried all the commands.
Apparently including some that don't even exist...
Write a script, we don't care about permutations, choose your best guess, that doesn't have non-permission related errors i.e., no syntax problems or command not found. Then ask why that script does or doesn't behave in some way surprising to you.
David J.
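A self-contained psql script of the kind the reply asks for, added here as an example and not part of the original thread. It uses only privileges that exist, then checks what the CRUD role can and cannot do. The names app_db, app_owner and items and the password are assumptions; developer and developer_role come from the first message. Run it as a superuser on a scratch cluster.

```sql
-- Added example; start connected to the postgres maintenance database.
-- psql keeps going after an error by default, so the refused statements
-- near the end do not stop the script.
CREATE ROLE app_owner NOLOGIN;                    -- assumed owner role
CREATE DATABASE app_db OWNER app_owner;           -- assumed database name

CREATE ROLE developer_role NOLOGIN;
CREATE ROLE developer LOGIN PASSWORD 'change_me'  -- constructed password
    NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT;
GRANT developer_role TO developer;

-- PUBLIC holds CONNECT and TEMPORARY on a new database by default.
REVOKE ALL ON DATABASE app_db FROM PUBLIC;
GRANT CONNECT ON DATABASE app_db TO developer_role;

\connect app_db

-- Before PostgreSQL 15, PUBLIC could also create objects in schema public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO developer_role;

CREATE TABLE public.items (id integer PRIMARY KEY, name text NOT NULL);
ALTER TABLE public.items OWNER TO app_owner;

-- CRUD on existing tables, and on tables app_owner creates later.
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO developer_role;
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO developer_role;

-- Act as developer: the four CRUD statements are permitted.
SET SESSION AUTHORIZATION developer;
INSERT INTO public.items VALUES (1, 'first');
UPDATE public.items SET name = 'renamed' WHERE id = 1;
SELECT id, name FROM public.items;
DELETE FROM public.items WHERE id = 1;

-- Refused: developer does not own the table and has no CREATE on the schema.
DROP TABLE public.items;
CREATE TABLE public.scratch (x integer);
RESET SESSION AUTHORIZATION;

-- Refused: developer is neither a superuser nor the owner of app_db.
\connect postgres
SET SESSION AUTHORIZATION developer;
DROP DATABASE app_db;
RESET SESSION AUTHORIZATION;
```

If the final DROP DATABASE succeeds in a real environment, compare the connecting role against the output of `\du` and `\l`: it is a superuser or the database owner.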