How to create read-only user for schemas which can be created in the future?

Question

SO and Internet contains a lot of answers to question how to create read only user (for example see this article), BUT all of them promote the following way:

Create user
Grant USAGE privilege to all existing schemas
Grant SELECT privilege to all existing tables in all existing schemas
Grant default SELECT privilegie to all tables (which can be created in the future) for all existing schemas

But what to do if some schemas can be created in the future too?

I mean I want to grant read only permissions to these schemas (and tables in these schemans) created in the future without any additional configuration. Is it possible?

I suppose it will works but it's looks like hard solution for such simple problem. — Maxim, May 06 '19 at 13:31
Are there some existing schemas for which future tables must not be granted on? — jjanes, May 06 '19 at 15:10
No, read-only user should have read-only access to all schemas and all tables. — Maxim, May 07 '19 at 05:22

score 3 · Answer 1 · answered Oct 08 '19 at 13:20

You can modify template1 to grant read only permissions to all future schemas.

/connect template1
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO username;

Now all future CREATE DATABASE statements will also have the read only permissions applied to them.

CREATE DATABASE dbname; // is the same as CREATE DATABASE dbname TEMPLATE template1;

How to create read-only user for schemas which can be created in the future?

1 Answers1

Linked

Related