Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
/*
2
Read-only users
3

4
The following sets the permissions to disable table creation, grants it to the `smc` user, and creates a read-only `smcro` user.
5

6
$ psql -a -f read-only-user.sql
7

8
After that, connect via psql like that:
9

10
$ PGUSER=smcro psql smc
11

12
Note: one has to specify the table name as the first argument.
13
*/
14

15
-- This will prevent default users from creating tables
16
REVOKE CREATE ON SCHEMA public FROM public;
17

18
-- allow smc to create tables
19
-- superusers will always be able to create tables anyway
20
GRANT CREATE ON SCHEMA public to "smc";
21

22
-- read-only user smcro
23
CREATE ROLE readonly;
24
ALTER ROLE readonly WITH LOGIN;
25
GRANT CONNECT ON DATABASE smc TO "readonly";
26
GRANT SELECT ON ALL TABLES IN SCHEMA public TO "readonly";
27

28
-- hsy user
29
CREATE USER hsy IN GROUP readonly PASSWORD '<secret>';
30

31
-- Grant USAGE to everyone, such that listing tables via \d works
32
GRANT USAGE ON SCHEMA public TO public;
33

34
/*
35

36
To actually enable the user hsy, also the pg_hba.conf file needed this line:
37
host    all hsy all md5
38

39
and then re-reading the configuration via:
40

41
SELECT pg_reload_conf();
42

43
*/
44

45
/* To delete the user, run these statements (as the 'smc' super-user, obviously)
46

47
DROP OWNED BY hsy;
48
DROP USER hsy;
49

50
*/
51