Home > mailing lists

Re: grant connect to all databases - Mailing list pgsql-general

From	Matt Zagrabelny
Subject	Re: grant connect to all databases
Date	October 5, 2024 17:13:59
Msg-id	CAOLfK3XOHnyWsLv_CdFAegWg1FgM3AK3WsO_r+rXSNjp8TQXcg@mail.gmail.com Whole thread Raw
In response to	Re: grant connect to all databases ("David G. Johnston" <david.g.johnston@gmail.com>)
Responses	Re: grant connect to all databases
List	pgsql-general

Tree view

Hi David (and others),

Thanks for the info about Public.

I should expound on my original email.

In our dev and test environments our admins (alice, bob, eve) are superusers. In production environments we'd like the admins to be read-only.

Is the Public role something I can leverage to achieve this desire?

Thanks for the help!

-m

On Sat, Oct 5, 2024 at 9:02 AM David G. Johnston <david.g.johnston@gmail.com> wrote:

On Saturday, October 5, 2024, Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:
Hello,

I'd like to have a read-only user for all databases.

I found the pg_read_all_data role predefined role, which I granted to my RO user:

GRANT pg_read_all_data TO ro_user;

...but I cannot connect to my database(s).

I'd like to not have to iterate over all the databases and "GRANT CONNECT...".

Is there a way to do this with just one GRANT or equivalent command?

The pseudo-role Public exists for just this kind of thing. In fact, in a default installation it already is given connect privileges on all databases created by the bootstrap superuser.

David J.

pgsql-general by date:

From: "David G. Johnston"
Date: 05 October 2024, 17:02:43
Subject: Re: grant connect to all databases

From: Adrian Klaver
Date: 05 October 2024, 18:27:21
Subject: Re: grant connect to all databases

Re: grant connect to all databases - Mailing list pgsql-general

Previous

Next