Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Postgresql database superuser

Tags:

permissions

postgresql

sql-grant

I am attempting to secure a database made up of multiple schemas as follows:-

-public
-foo
-bar
-foobar

I want to create a user who can access any schema for read, can create tables in bar and can inert/update/delete in foo,bar and foobar

I would prefer to create user as a database superuser and then remove privileges as required.

I thought:-

CREATE USER test_superuser;
GRANT ALL on DATABASE test to test_superuser;

Would do this, but after these commands test_superuser cannot access the schema.

How can I create a user that has the permissions of postgres superuser but only on a named database?

like image 442
user1331131 Avatar asked Aug 30 '25 18:08

user1331131

2 Answers

Turned out this needed a lot of tinkering to achieve:-

     CREATE ROLE test_database_superuser
     NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL '2020-03-06 00:00:00';


    CREATE ROLE test_user LOGIN
      ENCRYPTED PASSWORD 'md52b250919b406b707999fffb2b9f673fb'
      NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL '2020-03-06 00:00:00';

    GRANT test_database_superuser TO test_user;

    --DATABASE LEVEL PRIVELEGES
    GRANT ALL PRIVILEGES ON DATABASE test to test_database_superuser;

    --SCHEMA LEVEL
    GRANT ALL ON SCHEMA bar TO GROUP test_database_superuser;
    GRANT USAGE ON SCHEMA foo TO GROUP test_database_superuser;
    GRANT USAGE ON SCHEMA foobar TO GROUP test_database_superuser;

    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA foo TO GROUP test_database_superuser;
    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA foo TO GROUP test_database_superuser;

    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA bar TO GROUP test_database_superuser;
    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA bar TO GROUP test_database_superuser;

    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA foobar TO GROUP test_database_superuser;
    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA foobar TO GROUP test_database_superuser;


    --PUBLIC
    GRANT USAGE ON SCHEMA public TO GROUP test_database_superuser;
like image 122
user1331131 Avatar answered Sep 02 '25 14:09

user1331131

Allow usage of the schema

GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
    ON SCHEMA schema_name [, ...]
    TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]

Something like:

 GRANT USAGE ON SCHEMA your_schame TO test_superuser;

By the way, this is not a "super user", just a user with lots of permissions...

like image 42
DrColossos Avatar answered Sep 02 '25 13:09

DrColossos
Sign in to Comment

Related questions

How to restore postgreSQL in docker-compose
PostgreSQL timestamp with timezone does not use index
How to get sum of salary column from table GORM
How to generate 4 digit random number
Working with jdbc jar in pyspark
Accessing the Return Table in a Postgres Function
python postgres can I fetchall() 1 million rows?
how to build rails api with postgresql
save config/settings into relational database (postgresql)
How does Postgres handle more requests than connections

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!