-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinit-db.sh
More file actions
35 lines (25 loc) · 1.19 KB
/
Copy pathinit-db.sh
File metadata and controls
35 lines (25 loc) · 1.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#!/bin/bash
set -e
# This script runs automatically when PostgreSQL container starts for the first time
echo "Creating readonly user..."
# Create readonly user
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-- Create readonly user
CREATE USER readonly_user WITH PASSWORD 'readonly_password';
-- Grant CONNECT privilege
GRANT CONNECT ON DATABASE $POSTGRES_DB TO readonly_user;
-- Grant USAGE on public schema
GRANT USAGE ON SCHEMA public TO readonly_user;
-- Grant SELECT on all existing tables
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly_user;
-- Grant SELECT on all future tables (for tables created by migrations)
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly_user;
-- Revoke all other privileges (just to be explicit)
REVOKE INSERT, UPDATE, DELETE, TRUNCATE ON ALL TABLES IN SCHEMA public FROM readonly_user;
-- Make sure user cannot create objects
REVOKE CREATE ON SCHEMA public FROM readonly_user;
EOSQL
echo "Readonly user created successfully!"
echo "Username: readonly_user"
echo "Password: readonly_password"
echo "Permissions: SELECT only"