Predefined role(s) to use in PostgreSQL in order to create a login role with privileges to automate database development

huangapple go评论52阅读模式
英文:

Predefined role(s) to use in PostgreSQL in order to create a login role with privileges to automate database development

问题

我正在设置一个用于Java应用程序的AWS Aurora (PostgreSQL) 15.x实例。我只能通过rds_superuser账户访问该实例,而不能使用psql

我最初要配置三个登录角色

  1. 一个只读的user_ro登录角色,基于pg_read_all_data
  2. 一个读/写的user_rw登录角色,基于pg_read_all_datapg_write_all_data
  3. 一个user_liquibase登录角色,具有通过执行模式更改和种子数据来自动化数据库开发的特权。

但是,我不确定可以用于user_liquibase的哪个预定义角色可以允许我创建和/或删除数据库对象。我希望像user_rw一样配置user_liquibase,为其授予pg_read_all_datapg_write_all_data权限,但我缺少执行这些任务所需的其他权限。

有人能提供一个用于实现这一目标的预定义角色吗?

由于我更多地从事开发工作,对这些任务不太熟悉,但这次我也需要设置实例。

英文:

I am in the process of setting up an AWS Aurora (PostgreSQL) 15.x instance for a Java-based application. I only have access to the instance through the rds_superuser account — not psql.

I am configuring three login roles initially:

  1. A read-only user_ro login role — based on pg_read_all_data.
  2. A read/write user_rw login role — based on pg_read_all_data and pg_write_all_data.
  3. A user_liquibase login role with privileges to automate database development by doing schema changes, seed data.

However, I'm unsure of what predefined role I can use for user_liquibase that allows me to create and/or drop database objects. I would prefer to configure user_liquibase like user_rw by granting it pg_read_all_data and pg_write_all_data privileges, but I'm missing the rest of the privileges necessary for these tasks.

Can anyone suggest a predefined role to accomplish this?

> I am not familiar with these tasks as I am more on the development side, but this time I need to set up the instance as well.

答案1

得分: 1

pg_write_all_data 允许您对所有现有表执行 INSERTUPDATEDELETE 操作。

要创建一个对象,您需要在创建对象的模式上具有 CREATE 权限。

要删除一个对象,您必须是该对象的所有者或拥有该对象的角色的成员。

英文:

pg_write_all_data allows you to INSERT, UPDATE and DELETE on all existing tables.

To create an object, you need to have the CREATE privilege on the schema where you create the object.

To drop an object, you must be the owner of the object or a member of the owning role.

huangapple
  • 本文由 发表于 2023年6月16日 04:51:05
  • 转载请务必保留本文链接:https://go.coder-hub.com/76485432.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定