DEV Community

Cover image for How to create a read-only user in PostgreSQL
Jonathan Zarate
Jonathan Zarate

Posted on

5

How to create a read-only user in PostgreSQL

#postgres #sql #developer #database

Steps Overview

Connect to PostgreSQL: Start by connecting to the PostgreSQL database with superuser privileges.

Create a Role for Read-Only Access: We will create a group role that has only read privileges on all tables in the target database, ensuring future tables will also inherit these permissions.

Grant Necessary Privileges: We'll grant the SELECT privilege on all existing tables, views, and sequences in the schema. Additionally, default privileges will be set for any future tables.

Create a Login Role: A login role will be created and assigned to the read-only group role, ensuring it inherits the appropriate read-only permissions.

Restrict Permissions: Finally, we’ll ensure the user cannot create, modify, or delete data, and revoke any unnecessary permissions.

Connect to PostgreSQL 

psql -U postgres -d database
Enter fullscreen mode Exit fullscreen mode

Create a new Role Group 

CREATE ROLE role_group NOINHERIT;
Enter fullscreen mode Exit fullscreen mode

Assign privileges to role_group 

GRANT CONNECT ON DATABASE database TO role_group;
GRANT USAGE ON SCHEMA public TO role_group;
Enter fullscreen mode Exit fullscreen mode 
SELECT 'GRANT SELECT ON '||schemaname||'."'||tablename||'" TO role_group;' FROM pg_tables WHERE schemaname IN ('public') ORDER BY schemaname, tablename;
Enter fullscreen mode Exit fullscreen mode

You will see a list of GRANT statements.
Copy the GRANT statements generated by the query and then paste them into your terminal window. 
To restrict access to a subset of tables, only run the GRANT statements for the corresponding tables.

Assign privileges SELECT to future tables

ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO role_group;
Enter fullscreen mode Exit fullscreen mode

Create user with password 

CREATE ROLE user_read_only LOGIN PASSWORD 'password' NOSUPERUSER NOCREATEDB NOCREATEROLE;
Enter fullscreen mode Exit fullscreen mode

Assign role group role_group to user user_read_only

GRANT role_group TO user_read_only;
Enter fullscreen mode Exit fullscreen mode

Verify that the role group role_group not privileges of the postgres or public

REVOKE ALL ON SCHEMA public FROM public;
REVOKE ALL ON DATABASE database FROM public;
Enter fullscreen mode Exit fullscreen mode

Test access 

psql -U user_read_only -d database
Enter fullscreen mode Exit fullscreen mode

Performs create table operations, update data in any table, delete items. You should receive a permission denied message.

Regards,

profile
Sentry
 Promoted

Sentry image

Hands-on debugging session: instrument, monitor, and fix

Join Lazar for a hands-on session where you’ll build it, break it, debug it, and fix it. You’ll set up Sentry, track errors, use Session Replay and Tracing, and leverage some good ol’ AI to find and fix issues fast.

RSVP here →

Top comments (0)

profile
AWS
 Promoted

AWS Security LIVE!

Join us for AWS Security LIVE!

Discover the future of cloud security. Tune in live for trends, tips, and solutions from AWS and AWS Partners.

Learn More

Read next

kathir_b_7a1a5642d3c42779 profile image

Deploying a MERN Stack App on AWS EC2

kathir b -

mikeyoung44 profile image

AI Model Learns to Break Down Complex Problems, Boosting Math Skills by 17%

Mike Young -

mikeyoung44 profile image

New AI Training Method Speeds Up Language Models by 17% Without Performance Loss

Mike Young -

mikeyoung44 profile image

Larger AI Models Like GPT-4 Better at Compressing Their Own Reasoning, Study Shows

Mike Young -

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay