178

Is there a one-liner that grants the SELECT permissions to a new user postgresql?

Something that would implement the following pseudo-code:

GRANT SELECT ON TABLE * TO my_new_user;
Improve this question
1

10 Answers 10

Reset to default
291

I thought it might be helpful to mention that, as of 9.0, postgres does have the syntax to grant privileges on all tables (as well as other objects) in a schema:

GRANT SELECT ON ALL TABLES IN SCHEMA public TO user; GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO user;

To grant permissions also for tables created in the future use:

ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO user;

Here's the link.

Improve this answer
11
  • I'll upgrade soon, so this is really good news. Thanks! Commented Jun 26, 2011 at 15:31
  • Does this affect all databases on the server that use the public schema? Commented May 28, 2014 at 7:20
  • 15
    If I create a new table, will this user have access to the newly created table? Commented Sep 5, 2014 at 19:13
  • 16
    @GuiSim No, You have to set the default privileges on a schema, where ytou create the table: postgresql.org/docs/current/static/… Commented Jan 24, 2016 at 9:33
  • 3
    @kristianp No, every database in the PG cluster has its own public schema. It affect all tables (functions) in the schema public for current DB you are connected to. Commented Jan 24, 2016 at 9:36
16

My (non-one-liner) solution:

#!/bin/bash for table in `echo "SELECT schemaname || '.' || relname FROM pg_stat_user_tables;" | psql -A -t my_database_name`; do echo "GRANT SELECT ON TABLE $table to my_new_user;" echo "GRANT SELECT ON TABLE $table to my_new_user;" | psql my_database_name done

Run from the privileged user, it worked like a charm.

Improve this answer
3
  • 3
    If you use pg_stat_user_tables instead of all_tables, you don't need your grep... Also, pass -A -t to psql to get rid of formatted output. Commented Aug 30, 2009 at 18:33
  • 1
    Note that as of Postgres 9.0, this answer's approach is doing it the hard way. In 9.x, we now have the "ON ALL" seen in this other answer. Commented Jul 6, 2014 at 5:48
  • this one doesn't work where table or schema names contain uppercase letters. Adding a modified version below Commented Mar 26, 2019 at 19:11
13

I ended up doing this, and it worked:

ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO PUBLIC;
Improve this answer
1
  • 1
    very good when tables are created afterwards, and read access is meant to be granted by default Commented May 16, 2020 at 13:10
12

This can be done with a two-step process.

  1. Run this query:

    select 'grant all on '||schemaname||'.'||tablename||' to $foo;' from pg_tables where schemaname in ('$bar', '$baz') order by schemaname, tablename;

    Replacements:

    $foo = username you want to grant permissions for
    $bar, $baz = schemas you want to grant permissions in (can be just "public")

  2. That's going to give you a list of queries that will generate the required permissions. Copy the output, paste it into another query, and execute.

Improve this answer
6

I ended up here because my DB user saw only a few tables and not the newer ones. If this is your case, this has helped me.

  1. Grant privileges to all existing tables:

    GRANT SELECT ON ALL TABLES IN SCHEMA public TO user;

  2. Grant privileges to all new tables to be created in future (via default privileges):

    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO user;

  3. You can also double-check that all tables are granted correctly.

    • Count all existing tables:

      SELECT COUNT(*) FROM pg_catalog.pg_tables WHERE schemaname != 'pg_catalog' AND schemaname != 'information_schema';

    • Count all tables the user has access to:

      SELECT COUNT(*) FROM information_schema.role_table_grants WHERE grantee = 'user';

    The count of last two queries must be the same.

Improve this answer
2

This is what I used: 

psql dbname -tc "select 'grant select on '||relname||' to readonly;' from pg_stat_user_tables" | psql dbname

I feel it's more natural to do formatting and where-clauses in sql..

Improve this answer
1

I'm working with postgres 8.4 and to give all privileges to a user do the following:

#!/bin/bash for table in `echo "SELECT schemaname||'.'||relname FROM pg_stat_all_tables WHERE schemaname NOT IN('pg_catalog','pg_toast','information_schema')" | psql -t db `; do echo "grant select on table $table to my_new_user;" echo "grant select on table $table to my_new_user;" | psql db done
Improve this answer
1
  • 1
    In English please. Commented Nov 30, 2012 at 14:14
0

one way to fix this is to write a stored procedure. unfortunately there is no "grant everything to all tables" command or so. you really need a procedure or some external shell script maybe to make this work.

Improve this answer
0

The (one-liner solution) script by Adam Matan is great when there are many schema's, but it doesn't work where schema names or table names contain uppercase letters or special characters.

Modified version:

#!/bin/bash for table in `echo "SELECT '\"' || schemaname || '\".\"' || relname || '\"' FROM pg_stat_user_tables;" | psql -A -t my_database_name`; do echo "GRANT SELECT ON TABLE $table to my_new_user;" echo "GRANT SELECT ON TABLE $table to my_new_user;" | psql my_database_name done
Improve this answer
0 
DO $$ DECLARE schemaname text; BEGIN FOR schemaname IN (SELECT nspname FROM pg_namespace) LOOP EXECUTE 'GRANT USAGE, SELECT ON ALL TABLES IN SCHEMA ' || schemaname || ' TO user'; END LOOP; END $$;
Improve this answer
1
  • Replace "user" with the appropriate username. Note that this query will grant the user "USAGE" and "SELECT" privileges on all tables in all schemas within the database. Commented Jan 16, 2023 at 1:40

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.