Creating read only users in Vertica
Hi,
I'm creating a read only user in Vertica using the following script. Ideally, I would like to give SELECT permissions to the entire schema but its not possible in vertica, hence I gave SELECT permissions to ALL TABLES in the schema. Now when I create a new table in the same schema, the read only user has to be given SELECT permission again on this new table else he gets a permission denied error. Is it possible to give SELECT permissions to the new and existing objects in vertica at once instead of giving permission to new objects everytime i create one?
Create user apiuser identified by '*****';
Grant usage on schema PUBLIC to apiuser;
Grant select on ALL TABLES IN SCHEMA PUBLIC to apiuser;
Grant select on ALL TABLES IN SCHEMA PUBLIC to apiuser;
0
Comments
Hi @DPhoenix,
I suddgest that you start using user created database roles, this will prevent you form loosing track of your user accesses and less work will be done when doing user maintainance.
You can follow that SQL Server user role model.
Ohh , there is no automatic grant, that would be nice(to have a role like dbreader in SQL Server). You have ot do it manually after table create.
So with roles i just have ot do it once and that roles spreads the 'love' to all users that have acess to that role.
Also in the latest Vertica version 7.2 thy have introduced the concept of Inherited Privileges , but still there is some extra lines of code to be written so this would work.
If I add a user to pseudosuperuser role, then will that user inherit existing privileges for new objects in the schema or even in this case, we need to grant permissions to the pseudosuperuser role after every new object is created?