Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-admin-owner+archive@lists.postgresql.org>)
	id 1vT51S-00CSNy-15
	for pgsql-admin@arkaria.postgresql.org;
	Tue, 09 Dec 2025 21:13:26 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-admin-owner+archive@lists.postgresql.org>)
	id 1vT51Q-0079zV-1Q
	for pgsql-admin@arkaria.postgresql.org;
	Tue, 09 Dec 2025 21:13:24 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <rcoleman.ascentgl@gmail.com>)
	id 1vT51Q-0079zN-0H
	for pgsql-admin@lists.postgresql.org;
	Tue, 09 Dec 2025 21:13:24 +0000
Received: from mail-oa1-x32.google.com ([2001:4860:4864:20::32])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <rcoleman.ascentgl@gmail.com>)
	id 1vT51O-003zr1-2N
	for pgsql-admin@lists.postgresql.org;
	Tue, 09 Dec 2025 21:13:23 +0000
Received: by mail-oa1-x32.google.com with SMTP id
 586e51a60fabf-3e12fd71984so4262829fac.2
        for <pgsql-admin@lists.postgresql.org>;
 Tue, 09 Dec 2025 13:13:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1765314802; x=1765919602;
 darn=lists.postgresql.org;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=xjW/PUa5Ssg4XOkCCFxCBX/W6PVms5aG68hXuYg1jFg=;
        b=cH0k6RkoXfGUmE/VjwHe0+Kqm9MUV2H6RroxBDsz7zD/b9OAwXn2AwQ3hZS4e16CEh
         PIitmnH5uijzTqb0zKesDc+vcu6H2kgtYycU9HlqzHmHPeOKXz2wcKK7StorT3ulqGui
         LqQCe43Xr54kCUJWqiFRniw/6xF5jRAKjhyiaDeCfuud+qhc57aTCZiUJ7Uzu+sX9BGq
         uTTsT5b+t+1HlwQd7dDZHWJjg160VaCv20voDWDsZCozRlCop0zbV8cGtP0rHyX8jIWl
         H6fn3lqzVXgTq+iqpR+WSc9kC7DI5SPeiMpFcW1El77kO3Ifc4JjYO459Cu3Rpcu7GdZ
         bkWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1765314802; x=1765919602;
        h=to:subject:message-id:date:from:mime-version:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=xjW/PUa5Ssg4XOkCCFxCBX/W6PVms5aG68hXuYg1jFg=;
        b=TiCCW8hTZVg3xFLVEcM5O1t2aA/DwXbn+SfIfj5FykupaWC4JcgDFUT28+/ovtgc5e
         twRNe/X8hxHriU9NIWAxQtjmXnJRs02dw7J1Gp56oXUbET2+NXQ7z/xvlrd5NqGinPym
         ign27/ulrIhBAnSShoDLyZSgEVNLO/h4T4DbnnFvxiycstp7Is9Mi29ckfzC5taEii1S
         NBs1ef0wWlpt8SQgXpHMttIbmuZh57x+3aHATpmAjpFiExiCbgkvZy0LjMu2B1o7fAh2
         vEBT6XiaTFaR0+7lk2b/ZLs8KQZslW8t72QHePSBpHCI+mFahfkMveWgcXTX5woGlRqI
         TXkw==
X-Gm-Message-State: AOJu0YyptCyV11JVZ1Y/USfmWEeiSyIrG9OsQqVRUZnLJMCvcldlsIWE
	m4HDJ61l6YsJu4k9R2GPmPUvIzs/7GFnHH0xVzAxZDk/wkDIxgMKh+1Npg4GnbPdnggJplgzK4N
	kHF01NPH3WQ2xuSfjxvmPQDt/+7SFGYdqEutv
X-Gm-Gg: AY/fxX7QFjrs25a64Eppegq+S58oEUrUE5bJS8vXco0/rpC0ZwfsUScJSQLcXEO1ZDi
	8Cvm8ztB8n6kzq6UNyQQPkIERH9XsIOlgrmfpg0ED7wR+XOpjLiFJkCZIlN45zU5D2xl3LYfk4M
	6rZCGc2B4s/lQ1pZ/hUBALAoEcJ/j6eNm1GB3BUawAKF0M1UmY2UrzIwrRWD1itSM2xJl4sqklQ
	QEUu/9/p/s13zsaWPpqGG5jjd8IVRPgZQ58gZ32RvF4l5c1Qj0qc8t1R86AK0KElA/MR8U=
X-Google-Smtp-Source: 
 AGHT+IH7aXKzs3hSXj8sHKv3HEQb+1P6xRfnrdGrvF0HgRzSsuXL90beV9sYe27rLyALf9RACnaxgnLEtiMqJg4U128=
X-Received: by 2002:a05:6870:241c:b0:3ec:32a0:33cd with SMTP id
 586e51a60fabf-3f5bda73adcmr233005fac.31.1765314801657; Tue, 09 Dec 2025
 13:13:21 -0800 (PST)
MIME-Version: 1.0
From: richard coleman <rcoleman.ascentgl@gmail.com>
Date: Tue, 9 Dec 2025 16:13:11 -0500
X-Gm-Features: AQt7F2rdYKqeMzJ6R8igq5KcWYNRjwg_P2NMBaaVUy7FIW08hzwNtBQ2JJGl4B8
Message-ID: 
 <CAGA3vBug6Sq_XYLxzmY470WFS6Z3OF28goYzX=QHrCc4hgQSDw@mail.gmail.com>
Subject: database specific pg_read_all_data / pg_write_all_data
To: Pgsql-admin <pgsql-admin@lists.postgresql.org>
Content-Type: multipart/alternative; boundary="000000000000ab6be506458b6189"
List-Id: <pgsql-admin.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-admin@lists.postgresql.org>
List-Owner: <mailto:pgsql-admin-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-admin>
Archived-At: 
 <https://www.postgresql.org/message-id/CAGA3vBug6Sq_XYLxzmY470WFS6Z3OF28goYzX%3DQHrCc4hgQSDw%40mail.gmail.com>
Precedence: bulk

--000000000000ab6be506458b6189
Content-Type: text/plain; charset="UTF-8"

In PostgreSQL 16+ the built in roles such as pg_read_all_data
and pg_write_all_data are a welcome addition to permission setting in
PostgreSQL.

Unfortunately they appear to be server-wide roles.

Woud it be possible to have roles like these that are database specific?

If there are 100 databases on a server, it would be extremely helpful to be
able to do something like:

*grant *pg_read_all_data* on database *foo* to *user_role*;*

Otherwise these roles are unusable from a practical stand point on servers
with multiple unrelated databases.

Thanks for the help,
rik.

--000000000000ab6be506458b6189
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">In PostgreSQL 16+ the built in roles such as=C2=A0pg_read_=
all_data and=C2=A0pg_write_all_data are a welcome addition to permission se=
tting in PostgreSQL.<div><br></div><div>Unfortunately they appear to be ser=
ver-wide roles.</div><div><br></div><div>Woud it be possible to have roles =
like these that are database specific?</div><div><br></div><div>If there ar=
e 100 databases on a server, it would be extremely helpful to be able to do=
 something like:</div><div><br></div><div><b>grant </b>pg_read_all_data<b> =
on database </b>foo<b> to </b>user_role<b>;</b></div><div><br></div><div>Ot=
herwise these roles are unusable from a practical stand point on servers wi=
th multiple unrelated databases.</div><div><br></div><div>Thanks for the he=
lp,</div><div>rik.</div></div>

--000000000000ab6be506458b6189--