Providing select privileges for all tables in PostgreSQL

Swapnil Suryawanshi
Swapnil Suryawanshi

In the PostgreSQL database, it's impossible to assign read-only privileges for all tables using the Grant select all table to user like we can do in Oracle. Instead, we must use a two-step process outline below to accommodate that task.

To over come this issue we have made below steps to grant read only privileges in postgresql databases in simple method.

edb=# create user read_only_user with password 'read';

edb=# \t

Tuples only is on.

edb=# \o grant.sql

edb=# select 'grant select on all TABLES in SCHEMA '||schema_name||' to read_only_user;' from information_schema.schemata;

edb=# \o

edb=# \q

[enterprisedb@localhost ~]$ psql -f grant.sql -d edb -U enterprisedb -p 5444

#####grant access to the new table in the future automatically

edb=# \t

Tuples only is on.

edb=# \o Alter.sql

edb=# select 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||schema_name||' GRANT SELECT ON TABLES to read_only_user;' from information_schema.schemata;

edb=# \o

edb=# \q

[enterprisedb@localhost ~]$ psql -f Alter.sql -d edb -U enterprisedb -p 5444

Example:

edb=# create table t1 (name varchar2, type int);
CREATE TABLE
edb=# 
edb=# insert into t1(name) values ('I''m OK');
INSERT 0 1
edb=# 
edb=# select * from t1;
name | type 
I'm OK | 
(1 row)

edb=# create user read_only_user with password 'read';
CREATE ROLE
edb=# 
edb=# \t
Tuples only is on.
edb=# \o grant.sql
edb=# select 'grant select on all TABLES in SCHEMA '||schema_name||' to read_only_user;' from information_schema.schemata;
edb=# \o
edb=# \q
[enterprisedb@localhost ~]$ 
[enterprisedb@localhost ~]$ ls -lrt grant.sql 
-rw-rw-r--. 1 enterprisedb enterprisedb 669 Feb 1 21:57 grant.sql
[enterprisedb@localhost ~]$ 
[enterprisedb@localhost ~]$ psql -f grant.sql -d edb -U enterprisedb -p 5444
GRANT
GRANT
GRANT
GRANT
GRANT
GRANT
GRANT
GRANT
GRANT
GRANT
[enterprisedb@localhost ~]$ 
[enterprisedb@localhost ~]$ psql edb
psql (13.4.8, server 13.4.8)
Type "help" for help.

edb=# \c edb read_only_user ;
psql (13.4.8, server 13.4.8)
You are now connected to database "edb" as user "read_only_user".
edb=> 
edb=> 
edb=> 
edb=> select * from t1;
name | type 
I'm OK | 
(1 row)

edb=> 

As we can see we are able to select(read) data from table T1 which was already present in the database. Now lets try to create another table T2 :

edb=> \c edb enterprisedb 
psql (13.4.8, server 13.4.8)
You are now connected to database "edb" as user "enterprisedb".
edb=# 
edb=# 
edb=# create table t2 (name varchar2, type int);
CREATE TABLE
edb=# 
edb=# insert into t2(name) values (name 'shaikh');
INSERT 0 1
edb=# 
edb=# \c edb read_only_user 
psql (13.4.8, server 13.4.8)
You are now connected to database "edb" as user "read_only_user".
edb=> select * from t2;
ERROR: permission denied for table t2
edb=> 

We are unable to read data from table T2 because we have not provided select privileges to “read_only_user” for the table which are going to be created in future.

Now let’s provide select privileges to “read_only_user” for future tables:

edb=> \c edb enterprisedb 
psql (13.4.8, server 13.4.8)
You are now connected to database "edb" as user "enterprisedb".
edb=# 
edb=# \t
Tuples only is on.
edb=# \o Alter.sql
edb=# select 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||schema_name||' GRANT SELECT ON TABLES to read_only_user;' from information_schema.schemata;
edb=# \o
edb=# \q

Now create new table T3 and verify the access for user read_only_user:

edb=# \c edb read_only_user 
psql (13.4.8, server 13.4.8)
You are now connected to database "edb" as user "read_only_user".
edb=> 
edb=# create table t3 (name varchar2, type int);
CREATE TABLE
edb=# 
edb=# insert into t3(name) values (name 'students');
INSERT 0 1
edb=# 
edb=# \c edb read_only_user 
psql (13.4.8, server 13.4.8)
You are now connected to database "edb" as user "read_only_user".
edb=> 
edb=> select * from t3;
name | type 
students | 
(1 row)

edb=> 

We can see that we are able to access table T3 which is created after granting privileges to read_only_user but still he can read data from table T3.

Was this article helpful?

0 out of 0 found this helpful