PostgreSQL: Script to Create a Read-Only Database User

This article is half-done without your Comment! *** Please share your thoughts via Comment ***

In this post, I am sharing the help on how to create, a read-only user with limited access in PostgreSQL Database Server?.

As a Database Administrator, you should create different database users for the different purposes.
In the standard application, there are a few various types of Database Users like Application user, Read-only user, Admin user.

You should always create a shared database role group and assign roles to the user.

Here, I am sharing one script to create the read only user with limited access to PostgreSQL Database. This user can only SELECT table data and also restricted by schema access.

Create the Read-Only user:

1 2	CREATE ROLE Read_Only_User WITH LOGIN PASSWORD 'Test1234' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity';

Assign permissions to the read only user:

GRANT CONNECT ON DATABASE YourDatabaseName TO Read_Only_User;

GRANT USAGE ON SCHEMA public TO Read_Only_User;

GRANT SELECT ON ALL TABLES IN SCHEMA public TO Read_Only_User;

GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO Read_Only_User;

In the above script, you can find that I restricted user by Database, Schema and gave only SELECT permission for tables.

If you need to give any additional permission like EXECUTE permission for functions, use below script.

1	GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO Read_Only_User;

Oct 22, 2015Anvesh Patel

Comments: 9

Michael

February 25, 2016 at 7:32 am

Hi!
I found Your website very useful and recently I got into this particular article.
What I wanted to share is a little addition which I tried many times and which is about forbidding a user from making any transactions on the DB.
Apart from what You’ve showed above, one could add

alter user set default_transaction_read_only = on;

This little piece of code is specially useful when creating a user account to handle backup.

Once again – great job with this website!

Anvesh Patel
February 27, 2016 at 7:47 am
Thanks, Michael for your input.
We can also add this.
Ana
May 16, 2016 at 9:53 pm
Hi! The information provided is very helpful.

I am having trouble forbidding not a user but a group of users from making transaction on DB. Any idea of how to that using what Michael is proposing?

Thanks in advance
- Anvesh Patel
  May 17, 2016 at 4:43 am
  Yes, you can set default_transaction_read_only to a particular user or group of the user.
  This parameter controls the default read-only status of each new transaction.
  The default is off.

Pippo

March 27, 2018 at 4:37 am

How do you prevent readonly user to create new tables?

Anvesh Patel
March 28, 2018 at 7:24 pm
REVOKE CREATE ON SCHEMA public FROM public;

anupam vishwakarma

May 30, 2018 at 12:13 pm

Hi Anvesh,
I followed all the steps but there is error wile accessing tables . please suggest
psql -d postgres -Umonitor_123 -W
Password for user monitor_rplus:
psql (9.2.13, server 9.2.2)
Type “help” for help.

postgres=> \dt
No relations found.
postgres=> \c database1
Password for user monitor_123:
psql (9.2.13, server 9.2.2)
You are now connected to database “revenueplus” as user “monitor_rplus”.
revenueplus=> \dt
List of relations
Schema | Name | Type | Owner
——–+————————————+——-+——-
public | foo | table | xxxxx

database1=> select count(*) from foo;
ERROR: permission denied for relation foo

Anvesh Patel
May 30, 2018 at 7:22 pm
Did you give the schema permission? Is foo by default created in public schema?

Abhi

January 26, 2019 at 2:24 pm

Can we grant a user access to different databases in postgres?
If so, how to grant read only access to different databases. Thanks in advance

PostgreSQL: Script to Create a Read-Only Database User

Anvesh Patel

About Me!

About DBRND !

Recent Comments !

Follow Me !