Re: database specific pg_read_all_data / pg_write_all_data

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: richard coleman <rcoleman(dot)ascentgl(at)gmail(dot)com>
Cc: Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org>
Subject: Re: database specific pg_read_all_data / pg_write_all_data
Date: 2025-12-10 00:38:49
Message-ID: CAKFQuwZN+T10qAwtRRdjVjd_qXL=MsGeXZuFR_zhOUMH=NVBHw@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Tuesday, December 9, 2025, richard coleman <rcoleman(dot)ascentgl(at)gmail(dot)com>
wrote:

> In PostgreSQL 16+ the built in roles such as pg_read_all_data
> and pg_write_all_data are a welcome addition to permission setting in
> PostgreSQL.
>
> Unfortunately they appear to be server-wide roles.
>
> Woud it be possible to have roles like these that are database specific?
>

You can have roles that are database-specific; which then means those
roles can only apply the “all data” privileges within the database they are
permitted access to.

David J.

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Raj 2025-12-10 05:43:51 Data quality assessment
Previous Message Ron Johnson 2025-12-10 00:23:18 Re: database specific pg_read_all_data / pg_write_all_data