Path: blob/master/src/scripts/postgresql/read-only-user.sql
Views: 286
/*1Read-only users23The following sets the permissions to disable table creation, grants it to the `smc` user, and creates a read-only `smcro` user.45$ psql -a -f read-only-user.sql67After that, connect via psql like that:89$ PGUSER=smcro psql smc1011Note: one has to specify the table name as the first argument.12*/1314-- This will prevent default users from creating tables15REVOKE CREATE ON SCHEMA public FROM public;1617-- allow smc to create tables18-- superusers will always be able to create tables anyway19GRANT CREATE ON SCHEMA public to "smc";2021-- read-only user smcro22CREATE ROLE readonly;23ALTER ROLE readonly WITH LOGIN;24GRANT CONNECT ON DATABASE smc TO "readonly";25GRANT SELECT ON ALL TABLES IN SCHEMA public TO "readonly";2627-- hsy user28CREATE USER hsy IN GROUP readonly PASSWORD '<secret>';2930-- Grant USAGE to everyone, such that listing tables via \d works31GRANT USAGE ON SCHEMA public TO public;3233/*3435To actually enable the user hsy, also the pg_hba.conf file needed this line:36host all hsy all md53738and then re-reading the configuration via:3940SELECT pg_reload_conf();4142*/4344/* To delete the user, run these statements (as the 'smc' super-user, obviously)4546DROP OWNED BY hsy;47DROP USER hsy;4849*/5051