add_readonly_across_dbs.sql

-- Add readaccess group with read permissions on dev, alpha, and beta db within same instance
-- Add new readonly user and add to readaccess group

-- Create a group role readaccess
CREATE ROLE readaccess;

-- Grant connect to databases for readonly role
GRANT CONNECT ON DATABASE dev TO readaccess;
GRANT CONNECT ON DATABASE alpha TO readaccess;
GRANT CONNECT ON DATABASE beta TO readaccess;

-- run within each database (doesn't work, need to login to each db seperately to get this to run)
GRANT USAGE ON SCHEMA dev.public TO readaccess;
GRANT SELECT ON ALL TABLES IN SCHEMA dev.public TO readaccess;
ALTER DEFAULT PRIVILEGES IN SCHEMA dev.public GRANT
SELECT ON TABLES TO readaccess;

GRANT USAGE ON SCHEMA alpha.public TO readaccess;
GRANT SELECT ON ALL TABLES IN SCHEMA alpha.public TO readaccess;
ALTER DEFAULT PRIVILEGES IN SCHEMA alpha.public GRANT
SELECT ON TABLES TO readaccess;

GRANT USAGE ON SCHEMA beta.public TO readaccess;
GRANT SELECT ON ALL TABLES IN SCHEMA beta.public TO readaccess;
ALTER DEFAULT PRIVILEGES IN SCHEMA beta.public GRANT
SELECT ON TABLES TO readaccess;


-- Create user role readonly
CREATE USER readonly WITH PASSWORD 'secret';
GRANT readaccess TO readonly;