Commit 36f771f1 authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak
Browse files

bugfix; role and default privileges handling moved to the beginning of the...

bugfix; role and default privileges handling moved to the beginning of the create_readonly_postgres_user
parent 6ed683ed
......@@ -313,6 +313,21 @@ function create_readonly_postgres_user() {
GRANT SELECT ON pg_authid TO $RUSER_NAME;" \
|| display_error_and_quit "Error creating the $RUSER_NAME role and granting SELECT on pg_authid."
# get the list of roles
ROLES="$( PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -Aqt -c '\dg' | grep '|' | cut -d '|' -f 1 )" \
|| display_error_and_quit "Error getting list of databases"
# and for each role
for ROLE in $ROLES; do
# set default privileges on tables/sequences/function
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT SELECT ON TABLES TO $RUSER_NAME;
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT SELECT ON SEQUENCES TO $RUSER_NAME;
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT EXECUTE ON FUNCTIONS TO $RUSER_NAME;" \
|| display_error_and_quit "Error altering default privileges for role $ROLE"
done
# get the list of databases
DATABASES="$( PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -lAqt | grep '|' | cut -d '|' -f 1 | egrep -v "template[0-9]" )" \
|| display_error_and_quit "Error getting list of databases"
......@@ -348,20 +363,6 @@ function create_readonly_postgres_user() {
|| display_error_and_quit "Error granting USAGE on schema $SCHEMA"
done
done
# get the list of roles
ROLES="$( PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c '\dg' | grep '|' | cut -d '|' -f 1 )" \
|| display_error_and_quit "Error getting list of databases"
# and for each role
for ROLE in $ROLES; do
# set default privileges on tables/sequences/function
PGPASSWORD="$PG_PASS" psql -h "$PG_HOST" -U "$PG_USER" -c "
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT SELECT ON TABLES TO $RUSER_NAME;
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT SELECT ON SEQUENCES TO $RUSER_NAME;
ALTER DEFAULT PRIVILEGES FOR ROLE $ROLE GRANT EXECUTE ON FUNCTIONS TO $RUSER_NAME;" \
|| display_error_and_quit "Error altering default privileges for role $ROLE"
done
}
export -f create_readonly_postgres_user
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment