timeseriesdb
timeseriesdb copied to clipboard
Published
20 hours ago •
mbannert
mbannert
grant schema access to <schema>_reader
Currently db admins need to grant all on schema <schema name> to <user name> for each individual user who needs to work with a specific schema.
Would it not be easier to grant schema access <schema>_reader (and thus _writer and _admin)? That way new users only need the grant to _reader, which they need anyway, and they are set.
Was there any reason why we did it the way we did?
inst/sql/create_roles.sql
CREATE ROLE timeseries_reader NOLOGIN;
CREATE ROLE timeseries_writer NOLOGIN;
GRANT timeseries_reader TO timeseries_writer;
CREATE ROLE timeseries_access_public;
CREATE ROLE timeseries_access_main;
CREATE ROLE timeseries_access_restricted;
GRANT timeseries_access_public TO timeseries_access_main;
GRANT timeseries_access_main to timeseries_access_restricted;
CREATE ROLE timeseries_admin NOLOGIN;
GRANT timeseries_writer TO timeseries_admin;
GRANT timeseries_access_restricted TO timeseries_admin;
GRANT ALL ON SCHEMA timeseries TO timeseries_admin;
Well, I guess we do not want to grant ALL to readers but granting select to _reader and insert, update to _writer in this script should work.