Difference between revisions of "PostgreSQL predefined roles"

From wikieduonline
Jump to navigation Jump to search
 
(One intermediate revision by the same user not shown)
Line 7: Line 7:
 
* <code>[[pg_read_all_stats]]</code> Read all <code>[[pg_stat_*]]</code> views and use various statistics related extensions, even those normally visible only to superusers.
 
* <code>[[pg_read_all_stats]]</code> Read all <code>[[pg_stat_*]]</code> views and use various statistics related extensions, even those normally visible only to superusers.
 
* <code>[[pg_stat_scan_tables]]</code> Execute monitoring functions that may take [[ACCESS SHARE locks]] on tables, potentially for a long time.
 
* <code>[[pg_stat_scan_tables]]</code> Execute monitoring functions that may take [[ACCESS SHARE locks]] on tables, potentially for a long time.
* <code>pg_monitor</code> Read/execute various monitoring views and functions. This role is a member of <code>[[pg_read_all_settings]]</code>, <code>[[pg_read_all_stats]]</code> and <code>[[pg_stat_scan_tables]]</code>.
+
* <code>[[pg_monitor]]</code> Read/execute various monitoring views and functions. This role is a member of <code>[[pg_read_all_settings]]</code>, <code>[[pg_read_all_stats]]</code> and <code>[[pg_stat_scan_tables]]</code>.
 
* <code>pg_database_owner</code> None. Membership consists, implicitly, of the current database owner.
 
* <code>pg_database_owner</code> None. Membership consists, implicitly, of the current database owner.
 
* <code>pg_signal_backend</code> Signal another backend to cancel a query or terminate its session.
 
* <code>pg_signal_backend</code> Signal another backend to cancel a query or terminate its session.
Line 19: Line 19:
  
 
  [[GRANT]] [[pg_read_all_data]] TO xxx;
 
  [[GRANT]] [[pg_read_all_data]] TO xxx;
 +
[[create user]]
  
 
* [[Read only]]
 
* [[Read only]]

Latest revision as of 16:12, 20 September 2024


  • pg_read_all_data Read all data (tables, views, sequences), as if having SELECT rights on those objects, and USAGE rights on all schemas, even without having it explicitly. This role does not have the role attribute BYPASSRLS set. If RLS is being used, an administrator may wish to set BYPASSRLS on roles which this role is GRANTed to.
  • pg_write_all_data Write all data (tables, views, sequences), as if having INSERT, UPDATE, and DELETE rights on those objects, and USAGE rights on all schemas, even without having it explicitly. This role does not have the role attribute BYPASSRLS set. If RLS is being used, an administrator may wish to set BYPASSRLS on roles which this role is GRANTed to.
  • pg_read_all_settings Read all configuration variables, even those normally visible only to superusers.
  • pg_read_all_stats Read all pg_stat_* views and use various statistics related extensions, even those normally visible only to superusers.
  • pg_stat_scan_tables Execute monitoring functions that may take ACCESS SHARE locks on tables, potentially for a long time.
  • pg_monitor Read/execute various monitoring views and functions. This role is a member of pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables.
  • pg_database_owner None. Membership consists, implicitly, of the current database owner.
  • pg_signal_backend Signal another backend to cancel a query or terminate its session.
  • pg_read_server_files Allow reading files from any location the database can access on the server with COPY and other file-access functions.
  • pg_write_server_files Allow writing to files in any location the database can access on the server with COPY and other file-access functions.
  • pg_execute_server_program Allow executing programs on the database server as the user the database runs as with COPY and other functions which allow executing a server-side program.
  • pg_checkpoint Allow executing the CHECKPOINT command.
  • pg_use_reserved_connections Allow use of connection slots reserved via reserved_connections.
  • pg_create_subscription Allow users with CREATE permission on the database to issue CREATE SUBSCRIPTION.


GRANT pg_read_all_data TO xxx;
create user

See also[edit]

Advertising: