dampfklon · August 5, 2018 21:07
diff --git a/read-access.sql b/read-access.sql
 -- Revoke default permissions
 REVOKE ALL ON SCHEMA public FROM public
 GRANT ALL ON SCHEMA public TO writeuser

 -- Create a group
 CREATE ROLE readaccess;

 -- Grant access to existing tables
 GRANT USAGE ON SCHEMA public TO readaccess;
 GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess;
 GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO readaccess;

 -- Grant access to future tables
 ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readaccess;
 ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO readaccess;

 -- Create a final user with password
 CREATE USER tomek WITH PASSWORD 'secret';
 GRANT readaccess TO readuser;
	-- Revoke default permissions
	REVOKE ALL ON SCHEMA public FROM public
	GRANT ALL ON SCHEMA public TO writeuser

	-- Create a group
	CREATE ROLE readaccess;

	-- Grant access to existing tables
	GRANT USAGE ON SCHEMA public TO readaccess;
	GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess;
	GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO readaccess;

	-- Grant access to future tables
	ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readaccess;
	ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO readaccess;

	-- Create a final user with password
	CREATE USER tomek WITH PASSWORD 'secret';
	GRANT readaccess TO readuser;