On 10/5/24 07:13, Matt Zagrabelny wrote: > Hi David (and others), > > Thanks for the info about Public. > > I should expound on my original email. > > In our dev and test environments our admins (alice, bob, eve) are > superusers. In production environments we'd like the admins to be read-only.
What are the REVOKE and GRANT commands you use to achieve that?
GRANT alice TO pg_read_all_data;
...and then I could do something like this:
-- for $database in $databases;
GRANT CONNECT ON database $database TO alice;
...but I'd like to achieve it without the `for` loop.
> > Is the Public role something I can leverage to achieve this desire?
