Last active
June 30, 2023 14:55
-
-
Save daxmc99/38ae1397cefc4278e8381eed371bd222 to your computer and use it in GitHub Desktop.
Make a user read-only after its created via the Google api (ie via Terraform)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- CREATE read-only user when the user was created via the Google Cloud API (ie terraform) | |
| -- GOOGLE CLOUD by default give fairly broad permissions | |
| -- Prior reading https://stackoverflow.com/questions/13497352/error-permission-denied-for-relation-tablename-on-postgres-while-trying-a-selec | |
| -- https://www.digitalocean.com/docs/databases/postgresql/how-to/modify-user-privileges/ | |
| REVOKE ALL ON DATABASE db FROM "dev-readonly"; | |
| -- This next line is important | |
| REVOKE cloudsqlsuperuser FROM "dev-readonly"; | |
| GRANT USAGE ON SCHEMA public TO "dev-readonly"; | |
| ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO "dev-readonly"; | |
| GRANT CONNECT on DATABASE db TO "dev-readonly"; | |
| ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES to "dev-readonly"; | |
| GRANT USAGE ON SCHEMA public to "dev-readonly"; | |
| GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "dev-readonly"; | |
| GRANT SELECT ON ALL TABLES IN SCHEMA public TO "dev-readonly"; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Nice one.
A question on
GRANT USAGE ON SCHEMA public to "dev-readonly";: it doesn't seem to work for me:Are you getting that as well?
-> I logged in via
psqlas the DB owner.