Merge pull request #2168 from aiven/rjoerger-pg-readonly-user

postgres: Adding docs for creating a read only user.
aiven · Dec 27, 2023 · 27bcfbd · 27bcfbd
2 parents 03ead82 + 4be7747
commit 27bcfbd
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 1 deletion.
diff --git a/_toc.yml b/_toc.yml
@@ -1276,6 +1276,7 @@ entries:
               - file: docs/products/postgresql/howto/use-pgvector
                 title: Enable and use pgvector
               - file: docs/products/postgresql/howto/pg-object-size
+              - file: docs/products/postgresql/howto/readonly-user
           - file: docs/products/postgresql/howto/list-replication-migration
             title: Migrate
             entries:

diff --git a/docs/products/postgresql/howto.rst b/docs/products/postgresql/howto.rst
@@ -40,6 +40,7 @@ Aiven for PostgreSQL® how-tos
     - :doc:`Prevent PostgreSQL® full disk issues </docs/products/postgresql/howto/prevent-full-disk>`
     - :doc:`Enable and use pgvector on Aiven for PostgreSQL® </docs/products/postgresql/howto/use-pgvector>`
     - :doc:`Check size of a database, a table or an index </docs/products/postgresql/howto/pg-object-size>`
+    - :doc:`Restrict access to databases or tables in Aiven for PostgreSQL®". </docs/products/postgresql/howto/readonly-user>`
 
 .. dropdown:: Migration
 

diff --git a/docs/products/postgresql/howto/list-dba-tasks.rst b/docs/products/postgresql/howto/list-dba-tasks.rst
@@ -73,4 +73,8 @@ Database administration tasks
 
     .. grid-item-card:: :doc:`Check size of a database, a table or an index </docs/products/postgresql/howto/pg-object-size>`
         :shadow: md
-        :margin: 2 2 0 0
+        :margin: 2 2 0 0
+
+    .. grid-item-card:: :doc:`Restrict access to databases or tables in Aiven for PostgreSQL®". </docs/products/postgresql/howto/readonly-user>`
+        :shadow: md
+        :margin: 2 2 0 0
diff --git a/docs/products/postgresql/howto/readonly-user.rst b/docs/products/postgresql/howto/readonly-user.rst
@@ -0,0 +1,28 @@
+Restrict access to databases or tables in Aiven for PostgreSQL®
+===============================================================
+
+You can restrict access to Aiven for PostgreSQL® databases and tables by setting up read-only permissions for specific user's roles.
+
+Set read-only access in a schema
+--------------------------------
+
+1. Modify default permissions for a user's role in a particular schema.
+
+.. code-block:: bash
+
+   alter default privileges for role name_of_role in schema name_of_schema YOUR_GRANT_OR_REVOKE_PERMISSIONS
+
+2.  Apply the new read-only access setting to your existing database objects that uses the affected schema.
+
+.. code-block:: bash
+
+   grant select on all tables in schema name_of_schema to NAME_OF_READ_ONLY_ROLE
+
+Set read-only access in a database
+----------------------------------
+
+You can set up the read-only access for a specific user's role in a particular database.
+
+1. Create a new database which will be used as a template ``create database ro_<name>_template...``.
+2. For the new template database, set permissions and roles that you want as default ones in the template.
+3. When creating a new database, use ``create database NAME with template = 'ro_<name>_template'``.