git.postgresql.org Git - postgresql.git/commit

author	Stephen Frost <sfrost@snowman.net>
	Mon, 5 Apr 2021 17:42:52 +0000 (13:42 -0400)
committer	Stephen Frost <sfrost@snowman.net>
	Mon, 5 Apr 2021 17:42:52 +0000 (13:42 -0400)
commit	6c3ffd697e2242f5497ea4b40fffc8f6f922ff60
tree	7045f2fb4cbeb7fcbc9492ed8e21a99bf25b37cd	tree
parent	ad8b674922eb70dc5cd02951dd82fe2c4c37c80a	commit \| diff

Add pg_read_all_data and pg_write_all_data roles

A commonly requested use-case is to have a role who can run an
unfettered pg_dump without having to explicitly GRANT that user access
to all tables, schemas, et al, without that role being a superuser.
This address that by adding a "pg_read_all_data" role which implicitly
gives any member of this role SELECT rights on all tables, views and
sequences, and USAGE rights on all schemas.

As there may be cases where it's also useful to have a role who has
write access to all objects, pg_write_all_data is also introduced and
gives users implicit INSERT, UPDATE and DELETE rights on all tables,
views and sequences.

These roles can not be logged into directly but instead should be
GRANT'd to a role which is able to log in. As noted in the
documentation, if RLS is being used then an administrator may (or may
not) wish to set BYPASSRLS on the login role which these predefined
roles are GRANT'd to.

Reviewed-by: Georgios Kokolatos
Discussion: https://postgr.es/m/20200828003023.GU29590@tamriel.snowman.net

doc/src/sgml/user-manag.sgml		diff \| blob \| blame \| history
src/backend/catalog/aclchk.c		diff \| blob \| blame \| history
src/include/catalog/catversion.h		diff \| blob \| blame \| history
src/include/catalog/pg_authid.dat		diff \| blob \| blame \| history
src/test/regress/expected/privileges.out		diff \| blob \| blame \| history
src/test/regress/sql/privileges.sql		diff \| blob \| blame \| history