Difference between revisions of "PostgreSQL predefined roles"
Jump to navigation
Jump to search
(18 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
* https://www.postgresql.org/docs/current/predefined-roles.html | * https://www.postgresql.org/docs/current/predefined-roles.html | ||
+ | |||
+ | |||
+ | * <code>[[pg_read_all_data]]</code> Read all data (tables, views, sequences), as if having SELECT rights on those objects, and USAGE rights on all schemas, even without having it explicitly. This role does not have the role attribute BYPASSRLS set. If RLS is being used, an administrator may wish to set BYPASSRLS on roles which this role is GRANTed to. | ||
+ | * <code>pg_write_all_data</code> Write all data (tables, views, sequences), as if having INSERT, UPDATE, and DELETE rights on those objects, and USAGE rights on all schemas, even without having it explicitly. This role does not have the role attribute BYPASSRLS set. If RLS is being used, an administrator may wish to set BYPASSRLS on roles which this role is GRANTed to. | ||
+ | * <code>[[pg_read_all_settings]]</code> Read all configuration variables, even those normally visible only to [[superusers]]. | ||
+ | * <code>[[pg_read_all_stats]]</code> Read all <code>[[pg_stat_*]]</code> views and use various statistics related extensions, even those normally visible only to superusers. | ||
+ | * <code>[[pg_stat_scan_tables]]</code> Execute monitoring functions that may take [[ACCESS SHARE locks]] on tables, potentially for a long time. | ||
+ | * <code>[[pg_monitor]]</code> Read/execute various monitoring views and functions. This role is a member of <code>[[pg_read_all_settings]]</code>, <code>[[pg_read_all_stats]]</code> and <code>[[pg_stat_scan_tables]]</code>. | ||
+ | * <code>pg_database_owner</code> None. Membership consists, implicitly, of the current database owner. | ||
+ | * <code>pg_signal_backend</code> Signal another backend to cancel a query or terminate its session. | ||
+ | * <code>[[pg_read_server_files]]</code> Allow reading files from any location the database can access on the server with COPY and other file-access functions. | ||
+ | * pg_write_server_files Allow writing to files in any location the database can access on the server with COPY and other file-access functions. | ||
+ | * pg_execute_server_program Allow executing programs on the database server as the user the database runs as with COPY and other functions which allow executing a server-side program. | ||
+ | * pg_checkpoint Allow executing the CHECKPOINT command. | ||
+ | * pg_use_reserved_connections Allow use of connection slots reserved via reserved_connections. | ||
+ | * <code>[[pg_create_subscription]]</code> Allow users with CREATE permission on the database to issue CREATE [[SUBSCRIPTION]]. | ||
[[GRANT]] [[pg_read_all_data]] TO xxx; | [[GRANT]] [[pg_read_all_data]] TO xxx; | ||
+ | [[create user]] | ||
− | + | * [[Read only]] | |
== See also == | == See also == | ||
− | * {{ | + | * {{PostgreSQL users}} |
+ | * {{GRANT ALL}} | ||
* {{GRANT}} | * {{GRANT}} | ||
[[Category:PostgreSQL]] | [[Category:PostgreSQL]] |
Latest revision as of 16:12, 20 September 2024
pg_read_all_data
Read all data (tables, views, sequences), as if having SELECT rights on those objects, and USAGE rights on all schemas, even without having it explicitly. This role does not have the role attribute BYPASSRLS set. If RLS is being used, an administrator may wish to set BYPASSRLS on roles which this role is GRANTed to.pg_write_all_data
Write all data (tables, views, sequences), as if having INSERT, UPDATE, and DELETE rights on those objects, and USAGE rights on all schemas, even without having it explicitly. This role does not have the role attribute BYPASSRLS set. If RLS is being used, an administrator may wish to set BYPASSRLS on roles which this role is GRANTed to.pg_read_all_settings
Read all configuration variables, even those normally visible only to superusers.pg_read_all_stats
Read allpg_stat_*
views and use various statistics related extensions, even those normally visible only to superusers.pg_stat_scan_tables
Execute monitoring functions that may take ACCESS SHARE locks on tables, potentially for a long time.pg_monitor
Read/execute various monitoring views and functions. This role is a member ofpg_read_all_settings
,pg_read_all_stats
andpg_stat_scan_tables
.pg_database_owner
None. Membership consists, implicitly, of the current database owner.pg_signal_backend
Signal another backend to cancel a query or terminate its session.pg_read_server_files
Allow reading files from any location the database can access on the server with COPY and other file-access functions.- pg_write_server_files Allow writing to files in any location the database can access on the server with COPY and other file-access functions.
- pg_execute_server_program Allow executing programs on the database server as the user the database runs as with COPY and other functions which allow executing a server-side program.
- pg_checkpoint Allow executing the CHECKPOINT command.
- pg_use_reserved_connections Allow use of connection slots reserved via reserved_connections.
pg_create_subscription
Allow users with CREATE permission on the database to issue CREATE SUBSCRIPTION.
GRANT pg_read_all_data TO xxx; create user
See also[edit]
- PostgreSQL users, predefined roles:
pg_read_all_data, pg_monitor
,create role
,.pgpass
, PostgreSQL read only user GRANT ALL
GRANT
,\ddp
,GRANT USAGE
,GRANT ALL PRIVILEGES
,GRANT SELECT
, View GRANTs on Redshift,has_table_privilege
,has_schema_privilege
,HAS_DATABASE_PRIVILEGE
,SCHEMA
, Privileges,GRANT EXECUTE
Advertising: