Home > mailing lists

Re: database specific pg_read_all_data / pg_write_all_data - Mailing list pgsql-admin

From	Ron Johnson
Subject	Re: database specific pg_read_all_data / pg_write_all_data
Date	December 10 01:45:58
Msg-id	CANzqJaA8JTM1V_+9ACXGWjbCYYu_hio5EA-=2ne_7jmmhw31FQ@mail.gmail.com Whole thread Raw
In response to	database specific pg_read_all_data / pg_write_all_data (richard coleman <rcoleman.ascentgl@gmail.com>)
Responses	Re: database specific pg_read_all_data / pg_write_all_data
List	pgsql-admin

Tree view

On Tue, Dec 9, 2025 at 4:13 PM richard coleman <rcoleman.ascentgl@gmail.com> wrote:

In PostgreSQL 16+ the built in roles such as pg_read_all_data and pg_write_all_data are a welcome addition to permission setting in PostgreSQL.

Unfortunately they appear to be server-wide roles.

Woud it be possible to have roles like these that are database specific?

If there are 100 databases on a server, it would be extremely helpful to be able to do something like:

grant pg_read_all_data on database foo to user_role;

Otherwise these roles are unusable from a practical stand point on servers with multiple unrelated databases.

How about

ALTER DEFAULT PRIVILEGES IN SCHEMA foo1, foo2, foo3, ... GRANT SELECT ON ALL TABLE TO bar;

Death to <Redacted>, and butter sauce.

Don't boil me, I'm still alive.

<Redacted> lobster!

pgsql-admin by date:

From: richard coleman
Date: 10 December, 00:13:11
Subject: database specific pg_read_all_data / pg_write_all_data

From: richard coleman
Date: 10 December, 02:21:05
Subject: Re: database specific pg_read_all_data / pg_write_all_data

Re: database specific pg_read_all_data / pg_write_all_data - Mailing list pgsql-admin

Previous

Next