Home > mailing lists

create read-only and revoke create function? - Mailing list pgsql-novice

From	Ron Watkins
Subject	create read-only and revoke create function?
Date	August 14, 2023 18:19:20
Msg-id	CAPdrarqjFv3WSUzeppkRxYKicvm7TZ2xuHUEbhzbNg2yRtie2w@mail.gmail.com Whole thread Raw
Responses	Re: create read-only and revoke create function? ("David G. Johnston" <david.g.johnston@gmail.com>)
List	pgsql-novice

Tree view

Management has requested to setup a group of users as READ-ONLY, and to revoke their ability to create tables, views, procedures, functions, etc...

I looked around, and did the following, but it's not working as expected.

CREATE ROLE "RO_Role" WITH
NOLOGIN
NOSUPERUSER
INHERIT
NOCREATEDB
NOCREATEROLE
NOREPLICATION;

COMMENT ON ROLE "RO_Role" IS 'Read-Only role.';

GRANT "RO_Role" to <users>;

GRANT SELECT ON TABLE <tablename> TO "RO_Role";

GRANT EXECUTE ON FUNCTION <functions> TO "RO_ROLE";

On one server, this seems to have limited the users ability to write to tables, but on the other server it didn't work, they can still write to tables.

As for the functions, they can still create. Not sure how to prevent this from happening.

Suggestions?

Ron Watkins, K7DOG
602.743.5272

pgsql-novice by date:

From: Mahesh Govind
Date: 09 August 2023, 19:40:30
Subject: Handling large number transactions

From: "David G. Johnston"
Date: 14 August 2023, 21:04:33
Subject: Re: create read-only and revoke create function?

create read-only and revoke create function? - Mailing list pgsql-novice

Previous

Next