| From: | Ron Johnson <ronljohnsonjr(at)gmail(dot)com> |
|---|---|
| To: | Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: database specific pg_read_all_data / pg_write_all_data |
| Date: | 2025-12-09 22:45:58 |
| Message-ID: | CANzqJaA8JTM1V_+9ACXGWjbCYYu_hio5EA-=2ne_7jmmhw31FQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Tue, Dec 9, 2025 at 4:13 PM richard coleman <rcoleman(dot)ascentgl(at)gmail(dot)com>
wrote:
> In PostgreSQL 16+ the built in roles such as pg_read_all_data
> and pg_write_all_data are a welcome addition to permission setting in
> PostgreSQL.
>
> Unfortunately they appear to be server-wide roles.
>
> Woud it be possible to have roles like these that are database specific?
>
> If there are 100 databases on a server, it would be extremely helpful to
> be able to do something like:
>
> *grant *pg_read_all_data* on database *foo* to *user_role*;*
>
> Otherwise these roles are unusable from a practical stand point on servers
> with multiple unrelated databases.
>
How about
ALTER DEFAULT PRIVILEGES IN SCHEMA foo1, foo2, foo3, ... GRANT SELECT ON
ALL TABLE TO bar;
--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | richard coleman | 2025-12-09 23:21:05 | Re: database specific pg_read_all_data / pg_write_all_data |
| Previous Message | richard coleman | 2025-12-09 21:13:11 | database specific pg_read_all_data / pg_write_all_data |