Merge branch '8-docs-pg-roles' into 'dev'

rustprooflabs · rustprooflabs · commit 12cd54810afd · 2020-06-30T02:55:16.000Z
Resolve "Add guide to create nologin role with read access to views"

See merge request rplinternal/pgdd!7
diff --git a/README.md b/README.md
@@ -42,6 +42,46 @@ psql -d your_db
 CREATE EXTENSION pgdd;
 ```
 
+## Database Permissions
+
+Create Read-only group role to assign to users
+that need access to query (read-only) the PgDD objects.
+
+```
+CREATE ROLE dd_read WITH NOLOGIN;
+COMMENT ON ROLE dd_read IS 'Group role to grant read-only permissions to PgDD views.';
+
+GRANT USAGE ON SCHEMA dd TO dd_read;
+GRANT SELECT ON ALL TABLES IN SCHEMA dd TO dd_read;
+ALTER DEFAULT PRIVILEGES IN SCHEMA dd GRANT SELECT ON TABLES TO dd_read;
+```
+
+Access can now be granted to other users using:
+
+```
+GRANT dd_read TO <your_login_user>;
+```
+
+For read-write access.
+
+
+```
+CREATE ROLE dd_readwrite WITH NOLOGIN;
+COMMENT ON ROLE dd_readwrite IS 'Group role to grant write permissions to PgDD objects.';
+
+GRANT dd_read TO dd_readwrite;
+
+GRANT INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA dd TO dd_readwrite;
+ALTER DEFAULT PRIVILEGES IN SCHEMA dd GRANT INSERT, UPDATE, DELETE ON TABLES TO dd_readwrite;
+```
+
+This access can be granted using:
+ 
+```
+GRANT dd_readwrite TO <your_login_user>;
+```
+
+
 ## Use Data Dictionary
 
 Connect to your database using your favorite SQL client.  This
