[prev in list] [next in list] [prev in thread] [next in thread]
List: postgresql-general
Subject: Group Roles with Inheritance
From: "Igal () Lucee ! org" <igal () lucee ! org>
Date: 2017-12-23 19:18:59
Message-ID: 429a9c34-af4f-2214-42f0-e641162645cd () lucee ! org
[Download RAW message or body]
Hello,
I want to create three (group) roles. The first one will be read-only,
the second will add INSERT, and the third will add UPDATE and DELETE.
Does the below look OK for this purpose or did I forget something?
/** role_r is read-only with SELECT and EXECUTE */
CREATE ROLE role_r;
GRANT USAGE ON SCHEMA <schema> TO role_r;
GRANT SELECT ON ALL TABLES IN SCHEMA <schema> TO role_r;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA <schema> TO role_r;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA <schema> TO role_r;
ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
GRANT SELECT ON TABLES TO role_r;
ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
GRANT SELECT ON SEQUENCES TO role_r;
/** role_ra adds INSERT */
CREATE ROLE role_ra;
GRANT role_r TO role_ra;
GRANT INSERT ON ALL TABLES IN SCHEMA <schema> TO role_ra;
ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
GRANT INSERT ON TABLES TO role_ra;
/** role_rawd adds UPDATE, DELETE */
CREATE ROLE role_rawd;
GRANT role_ra TO role_rawd;
GRANT INSERT ON ALL TABLES IN SCHEMA <schema> TO role_rawd;
ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
GRANT UPDATE, DELETE ON TABLES TO role_rawd;
Thank you,
Igal Sapir
Lucee Core Developer
Lucee.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic