Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Automate the process of granting read-only access to a database #159

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[WIP] Automate the process of granting read-only access to a database #159

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
82 changes: 82 additions & 0 deletions bin/grant-readonly-access-for-PostgreSQL-user.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
#!/bin/bash -e

set -o errexit
set -o pipefail
set -u

function usage() {
set -e
cat <<EOM
##### grant-readonly-access-for-PostgreSQL-user #####
Crude script to grant read access for a non-owner PostgreSQL user to a database
Required arguments:
--user Database user which requires read-only access to the specified database
--database Database to which the specified user will have read-only access
Requirements:
1. The 'pqsl' binary must be installed and on the current \$PATH
2. This script must be run as user postgres
3. This script must be run from a shell local to the server running PostgreSQL

Example:
sudo -u postgres ./$0 --user "shield-agent-readonly" --database "shield-bases"
EOM

exit 2
}

if [ $# == 0 ]; then usage; fi

# Loop through arguments, two at a time for key and value
while [[ $# -gt 0 ]]
do
key="$1"

case $key in
--user)
DATABASE_USER="$2"
shift # past argument
;;
--database)
DATABASE_TARGET="$2"
shift # past argument
;;
*)
usage
exit 2
;;
esac
shift # past argument or value
done


# TODO:
# create input parameters for --user and --database

echo "Granting read-only access for database user '$DATABASE_USER' to database '$DATABASE_TARGET'"

command1="GRANT USAGE ON SCHEMA public to \"$DATABASE_USER\";"
psql --command "$command1"

command2="ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO \"$DATABASE_USER\";"
psql --command "$command2"

command3="GRANT CONNECT ON DATABASE \"$DATABASE_TARGET\" to \"$DATABASE_USER\";"
psql --command "$command3"

command4="\c \"$DATABASE_TARGET\""
psql --command "$command4"

command5="ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO \"$DATABASE_USER\";"
psql --command "$command5"

command6="GRANT USAGE ON SCHEMA public to \"$DATABASE_USER\";"
psql --command "$command6"

command7="GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO \"$DATABASE_USER\";"
psql --command "$command7"

command8="GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"$DATABASE_USER\";"
psql --command "$command8"

echo ""
echo "database user '$DATABASE_USER' has been granted read-only access to database '$DATABASE_TARGET'"