sahil1 · August 8, 2019 17:13
diff --git a/read-access.sql b/read-access.sql
 -- Create a group
 CREATE ROLE readaccess;

 -- Grant access to existing tables
 GRANT USAGE ON SCHEMA public TO readaccess;
 GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess;

 -- Grant access to future tables
 ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readaccess;

 -- Create a final user with password
 CREATE USER sahil WITH ENCRYPTED PASSWORD 'secret';
 GRANT readaccess TO sahil;

 -- Grant all priviliges on all tables
 GRANT ALL privileges ON database mydatabasename TO sahil;
 GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO sahil;

 -- Change password
 ALTER USER sahil WITH ENCRYPTED PASSWORD 'newsecret';
 ---------------------------------------
 ---------------------------------------
 -- List all users
 SELECT * FROM pg_user;

 -- Query user details
 SELECT u.usename AS "User name",
  u.usesysid AS "User ID",
  CASE WHEN u.usesuper AND u.usecreatedb THEN CAST('superuser, create database' AS pg_catalog.text)
       WHEN u.usesuper THEN CAST('superuser' AS pg_catalog.text)
       WHEN u.usecreatedb THEN CAST('create database' AS pg_catalog.text)
       ELSE CAST('' AS pg_catalog.text)
  END AS "Attributes"
 FROM pg_catalog.pg_user u
 ORDER BY 1;

 -- Query roles
 SELECT r.rolname, r.rolsuper, r.rolinherit,
  r.rolcreaterole, r.rolcreatedb, r.rolcanlogin,
  r.rolconnlimit, r.rolvaliduntil,
  ARRAY(SELECT b.rolname
        FROM pg_catalog.pg_auth_members m
        JOIN pg_catalog.pg_roles b ON (m.roleid = b.oid)
        WHERE m.member = r.oid) AS memberof
 , r.rolreplication
 , r.rolbypassrls
 FROM pg_catalog.pg_roles r
 WHERE r.rolname !~ '^pg_'
 ORDER BY 1;
	-- Create a group
	CREATE ROLE readaccess;

	-- Grant access to existing tables
	GRANT USAGE ON SCHEMA public TO readaccess;
	GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess;

	-- Grant access to future tables
	ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readaccess;

	-- Create a final user with password
	CREATE USER sahil WITH ENCRYPTED PASSWORD 'secret';
	GRANT readaccess TO sahil;

	-- Grant all priviliges on all tables
	GRANT ALL privileges ON database mydatabasename TO sahil;
	GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO sahil;

	-- Change password
	ALTER USER sahil WITH ENCRYPTED PASSWORD 'newsecret';
	---------------------------------------
	---------------------------------------
	-- List all users
	SELECT * FROM pg_user;

	-- Query user details
	SELECT u.usename AS "User name",
	u.usesysid AS "User ID",
	CASE WHEN u.usesuper AND u.usecreatedb THEN CAST('superuser, create database' AS pg_catalog.text)
	WHEN u.usesuper THEN CAST('superuser' AS pg_catalog.text)
	WHEN u.usecreatedb THEN CAST('create database' AS pg_catalog.text)
	ELSE CAST('' AS pg_catalog.text)
	END AS "Attributes"
	FROM pg_catalog.pg_user u
	ORDER BY 1;

	-- Query roles
	SELECT r.rolname, r.rolsuper, r.rolinherit,
	r.rolcreaterole, r.rolcreatedb, r.rolcanlogin,
	r.rolconnlimit, r.rolvaliduntil,
	ARRAY(SELECT b.rolname
	FROM pg_catalog.pg_auth_members m
	JOIN pg_catalog.pg_roles b ON (m.roleid = b.oid)
	WHERE m.member = r.oid) AS memberof
	, r.rolreplication
	, r.rolbypassrls
	FROM pg_catalog.pg_roles r
	WHERE r.rolname !~ '^pg_'
	ORDER BY 1;