Commit 6ed683ed authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak

cleanup of some comments

parent 166ee105
......@@ -279,42 +279,15 @@ export -f dump_mysql_dbs
#
# not as simple as the mysql version; we need to make sure that:
# a). given role is created...
# b). ...and granted CONNECT on all databases...
# c). ...and granted SELECT on pg_authid...
# b). ...and granted SELECT on pg_authid...
# c). ...and granted CONNECT on all databases...
# d). ...and granted USAGE on all schemas in all databases...
# e). ...and granted SELECT on all tables and sequences in all schemas in all databases...
# f). ...and granted EXECUTE on all functions in all schemas in all databases...
# g). ...and that the default privileges for all roles in all schemas in all databases grant
# the new read-only role SELECT on tables and sequences, and EXECUTE on functions
# created in the future.
# g). ...and that the default privileges for all roles grant the new read-only role
# SELECT on tables and sequences, and EXECUTE on functions created in the future.
#
# ref. https://wiki.postgresql.org/images/d/d1/Managing_rights_in_postgresql.pdf
#
# granting the readonly user access to all tables in a database:
# CREATE ROLE readonly NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN NOREPLICATION PASSWORD '$DUMP_PASS';
# GRANT SELECT ON pg_authid TO readonly;
# and for each database:
# GRANT CONNECT ON DATABASE a_database TO readonly;
# \c a_database
# GRANT USAGE ON SCHEMA a_schema TO readonly;
# GRANT SELECT ON ALL TABLES IN SCHEMA a_schema TO readonly;
# GRANT SELECT ON ALL SEQUENCES IN SCHEMA a_schema TO readonly;
# ALTER DEFAULT PRIVILEGES IN SCHEMA a_schema GRANT SELECT ON TABLES TO readonly;
# ALTER DEFAULT PRIVILEGES IN SCHEMA a_schema GRANT SELECT ON SEQUENCES TO readonly;
# a_schema is usually "public"
#
# CREATE ROLE readonly LOGIN PASSWORD 'some_pass';
# -- Existing objects
# GRANT CONNECT ON DATABASE the_db TO readonly;
# GRANT USAGE ON SCHEMA public TO readonly;
# GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
# GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO readonly;
# GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO readonly;
# -- New objects
# ALTER DEFAULT PRIVILEGES FOR ROLE ddl_user IN SCHEMA public GRANT SELECT ON TABLES TO readonly;
# ALTER DEFAULT PRIVILEGES FOR ROLE ddl_user IN SCHEMA public GRANT SELECT ON SEQUENCES TO readonly;
# ALTER DEFAULT PRIVILEGES FOR ROLE ddl_user IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO readonly;
# https://wiki.postgresql.org/images/d/d1/Managing_rights_in_postgresql.pdf
function create_readonly_postgres_user() {
# get the details
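Review bot: Step b) of the reworded comment list records a grant of SELECT on pg_authid to the read-only role without saying why it is needed or what it exposes. pg_authid holds the password hashes of every role in the cluster, so this role's credentials need the same protection as an administrative account; I would add a line such as `# NOTE: pg_authid holds all roles' password hashes (presumably needed to dump roles); protect this role's password accordingly`. If the dumps are taken with pg_dumpall and role passwords are not required in them, `--no-role-passwords` reads pg_roles instead and the grant could be dropped. The new wording of step g) also drops "in all databases", yet ALTER DEFAULT PRIVILEGES only affects the database it is run in, so the comment should keep that qualifier. The body of create_readonly_postgres_user continues outside the hunk, so whether the code matches the comment could not be checked here.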
......