Ryan Booz limits database access:
We discussed how this can be done manually with a
GRANTcommand each time an object is created, however, that is time consuming to manage and easy to miss a detail.Instead, PostgreSQL provides a method for setting default privileges which are granted on behalf of the object owner as database objects are created. Using default privileges, a role can prepare the database ahead of time to ensure that consistent access privileges are applied while easing the management burden over time.
But how do you go about creating a set of roles and default privileges that will provide the right level of control and access? Let’s dig a little deeper.
RBAC on groups is definitely the way to go, and Ryan shows us how.