Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sx5Mz-007pxS-SO for pgsql-general@arkaria.postgresql.org; Sat, 05 Oct 2024 14:02:53 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sx5My-000FPj-0P for pgsql-general@arkaria.postgresql.org; Sat, 05 Oct 2024 14:02:52 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sx5Mx-000FPa-Gw for pgsql-general@lists.postgresql.org; Sat, 05 Oct 2024 14:02:51 +0000 Received: from mail-oo1-xc33.google.com ([2607:f8b0:4864:20::c33]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sx5Mr-002eH2-4U for pgsql-general@lists.postgresql.org; Sat, 05 Oct 2024 14:02:50 +0000 Received: by mail-oo1-xc33.google.com with SMTP id 006d021491bc7-5e7a13b34ffso1104940eaf.2 for ; Sat, 05 Oct 2024 07:02:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728136964; x=1728741764; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=AMKny8O1NMa/or6WT8LE0efJ97SSeGsD7GRoR1Irs7s=; b=jBRHlRa/hcIIDAKTTm6GwGHabW0CG+EPDHSdcvYUd8zgRc1YZXdtS+6EzHt71ShGmD eQ55ix7kSKH2ozCAZ5lFFcrnoZGQvtppvo5+1BktPKtol/75aOiz2xR8ftTIhCKOxtDS 7SpmYluaFHHk46CRUMf4q7rJZIZ4gJU2Mozpp72YkTX2FJmlPZGb4nc6jhDuppwkXdfK xvl6+3ndsQ8y3fJqncmsRS+vLLUHVujL8zYW4Zqa8sY7BFBiC7YH8lZiHjrp0Bg6vDUY PVuoMSfPlqLFFTqDCbfMLMeZRAmuF8m65ub0SFabD3eZ1wWJqsjgS0p8KAafcHKKkY29 0Pjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728136964; x=1728741764; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=AMKny8O1NMa/or6WT8LE0efJ97SSeGsD7GRoR1Irs7s=; b=u0KzSC9454WipW03KJuQIGqDERWZoVtZKOhynC58h1ZAFiqKJDIIaWHF7/wyWgmtVG +yguPg14QHV+umKL0CwaQEU+XRriPQPl6rglhwMfsuUznm7qX1aP+KvEJAZO6NO26CWQ 7hu5TtiHVrBHtXmcx9yRtFmtmYhM/8qVuyV4VWHkiixw20NxQNLobP1x47dhKmaFpo5F QrZffwfxfm0MGneFHKp9ZAlZY8Z0/tgi94g53b2H8G6q/9Km09qogOrjbq1m2TPB1E8I 7AaOAADroqcPZWfdG8UFH+/J4DM5A8baVgNPzr21jUFHT1Nci/9lOYUqRUSNkLEVgpOE KgVA== X-Gm-Message-State: AOJu0YyiY/qkaQgGwGps7KM0s/7qJN/yonj1jxH/mgAmnugrXwc3kTcv CMhDdgiMA3lodOua8r1HMI7nw5qD+3OM0keRH8LEHhEgulnX9A5ipli9mwj8EIAUkJyzO4l2925 +ov4CmUirtZK3En5mvaFiPBEELA8= X-Google-Smtp-Source: AGHT+IHeaYUR0b8QudyrntvNiWoiz9oZB0YAl40PeNPlaLOgRRNCwlolnmZY1byV+bUUahae2gmYAm3peD2iY/ceCIE= X-Received: by 2002:a05:6870:c69e:b0:270:2abd:4772 with SMTP id 586e51a60fabf-287c225c019mr3187706fac.45.1728136964079; Sat, 05 Oct 2024 07:02:44 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:ac9:5992:0:b0:557:c384:fb61 with HTTP; Sat, 5 Oct 2024 07:02:43 -0700 (PDT) In-Reply-To: References: From: "David G. Johnston" Date: Sat, 5 Oct 2024 07:02:43 -0700 Message-ID: Subject: Re: grant connect to all databases To: Matt Zagrabelny Cc: "pgsql-generallists.postgresql.org" Content-Type: multipart/alternative; boundary="000000000000de0a1d0623bb3d73" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000de0a1d0623bb3d73 Content-Type: text/plain; charset="UTF-8" On Saturday, October 5, 2024, Matt Zagrabelny wrote: > Hello, > > I'd like to have a read-only user for all databases. > > I found the pg_read_all_data role predefined role, which I granted to my > RO user: > > GRANT pg_read_all_data TO ro_user; > > ...but I cannot connect to my database(s). > > I'd like to not have to iterate over all the databases and "GRANT > CONNECT...". > > Is there a way to do this with just one GRANT or equivalent command? > The pseudo-role Public exists for just this kind of thing. In fact, in a default installation it already is given connect privileges on all databases created by the bootstrap superuser. David J. --000000000000de0a1d0623bb3d73 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Saturday, October 5, 2024, Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:
Hello,

I'd like to= have a read-only user for all databases.

I found = the pg_read_all_data role predefined role, which I granted to my RO user:

GRANT pg_read_all_data TO ro_user;

...but I cannot connect to my database(s).

I'd like to not have to iterate over all the databases and "GRAN= T CONNECT...".

Is there a way to do this with= just one GRANT or equivalent command?


The pseudo-role Public exists for just this kind of = thing.=C2=A0 In fact, in a default installation it already is given connect= privileges on all databases created by the bootstrap superuser.
=
David J.

--000000000000de0a1d0623bb3d73--