dampfklon/read-access.sql

## read-access.sql
-- Revoke default permissions
REVOKE ALL ON SCHEMA public FROM public
GRANT ALL ON SCHEMA public TO writeuser

-- Create a group
CREATE ROLE readaccess;

-- Grant access to existing tables
GRANT USAGE ON SCHEMA public TO readaccess;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO readaccess;

-- Grant access to future tables
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readaccess;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO readaccess;

-- Create a final user with password
CREATE USER tomek WITH PASSWORD 'secret';
GRANT readaccess TO readuser;
	-- Revoke default permissions
	REVOKE ALL ON SCHEMA public FROM public
	GRANT ALL ON SCHEMA public TO writeuser

	-- Create a group
	CREATE ROLE readaccess;

	-- Grant access to existing tables
	GRANT USAGE ON SCHEMA public TO readaccess;
	GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess;
	GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO readaccess;

	-- Grant access to future tables
	ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readaccess;
	ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO readaccess;

	-- Create a final user with password
	CREATE USER tomek WITH PASSWORD 'secret';
	GRANT readaccess TO readuser;