'Group Roles with Inheritance'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postgresql-general
Subject:    Group Roles with Inheritance
From:       "Igal  ()  Lucee ! org" <igal () lucee ! org>
Date:       2017-12-23 19:18:59
Message-ID: 429a9c34-af4f-2214-42f0-e641162645cd () lucee ! org
[Download RAW message or body]

Hello,

I want to create three (group) roles.  The first one will be read-only, 
the second will add INSERT, and the third will add UPDATE and DELETE.

Does the below look OK for this purpose or did I forget something?


/** role_r is read-only with SELECT and EXECUTE */
CREATE ROLE role_r;

GRANT USAGE ON SCHEMA <schema> TO role_r;

GRANT SELECT ON ALL TABLES IN SCHEMA <schema> TO role_r;

GRANT SELECT ON ALL SEQUENCES IN SCHEMA <schema> TO role_r;

GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA <schema> TO role_r;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
     GRANT SELECT ON TABLES TO role_r;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
     GRANT SELECT ON SEQUENCES TO role_r;


/** role_ra adds INSERT */
CREATE ROLE role_ra;
GRANT role_r TO role_ra;

GRANT INSERT ON ALL TABLES IN SCHEMA <schema> TO role_ra;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
     GRANT INSERT ON TABLES TO role_ra;


/** role_rawd adds UPDATE, DELETE */
CREATE ROLE role_rawd;
GRANT role_ra TO role_rawd;

GRANT INSERT ON ALL TABLES IN SCHEMA <schema> TO role_rawd;

ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
     GRANT UPDATE, DELETE ON TABLES TO role_rawd;


Thank you,


Igal Sapir
Lucee Core Developer
Lucee.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic