123456789101112131415161718192021222324252627282930313233343536 |
- #! /usr/bin/env bash
-
- if [ "${POSTGRES_MASTER_MODE}" != 1 ]
- then
- echo "Database is not in master mode. Exiting."
- exit 0
- fi
-
- psql <<-EOF
- CREATE USER ${POSTGRES_RO_USER} WITH ENCRYPTED PASSWORD '${POSTGRES_RO_PASSWORD}';-- NOINHERIT;
-
- \c ${POSTGRES_DB}
-
- REVOKE ALL ON DATABASE ${POSTGRES_DB} FROM ${POSTGRES_RO_USER};
- GRANT CONNECT ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_RO_USER};
-
- REVOKE ALL ON SCHEMA public FROM ${POSTGRES_RO_USER};
- REVOKE CREATE ON SCHEMA public FROM ${POSTGRES_RO_USER};
- GRANT USAGE ON SCHEMA public TO ${POSTGRES_RO_USER};
-
- REVOKE ALL ON ALL TABLES IN SCHEMA public FROM ${POSTGRES_RO_USER};
- GRANT SELECT ON ALL TABLES IN SCHEMA public TO ${POSTGRES_RO_USER};
- ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM ${POSTGRES_RO_USER};
- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${POSTGRES_RO_USER};
-
- REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM ${POSTGRES_RO_USER};
- GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO ${POSTGRES_RO_USER};
- ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM ${POSTGRES_RO_USER};
- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE ON SEQUENCES TO ${POSTGRES_RO_USER};
-
- REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public FROM ${POSTGRES_RO_USER};
- GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO ${POSTGRES_RO_USER};
- ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON FUNCTIONS FROM ${POSTGRES_RO_USER};
- ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO ${POSTGRES_RO_USER};
-
- EOF
|