WIP

ITISFoundation · Oct 1, 2024 · 4779d4e · 4779d4e
1 parent 38d4af5
commit 4779d4e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/services/docker-compose.yml b/services/docker-compose.yml
@@ -1137,7 +1137,6 @@ services:
       POSTGRES_READONLY_PASSWORD: ${POSTGRES_READONLY_PASSWORD}
       POSTGRES_READONLY_USER: ${POSTGRES_READONLY_USER}
     volumes:
-      - ./postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
       - postgres_data:/var/lib/postgresql/data
       - type: tmpfs
         target: /dev/shm

diff --git a/...trypoint-initdb.d/create-readonly-user.sh → ...trypoint-initdb.d/create-readonly-user.sh b/...trypoint-initdb.d/create-readonly-user.sh → ...trypoint-initdb.d/create-readonly-user.sh
diff --git a/services/postgres/scripts/docker-entrypoint-initdb.d/create-readonly-user.sql.template b/services/postgres/scripts/docker-entrypoint-initdb.d/create-readonly-user.sql.template
@@ -0,0 +1,10 @@
+-- SQL script to create a read-only user and grant privileges
+CREATE USER ${POSTGRES_READONLY_USER} WITH PASSWORD '${POSTGRES_READONLY_PASSWORD}';
+
+GRANT CONNECT ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_READONLY_USER};
+GRANT USAGE ON SCHEMA public TO ${POSTGRES_READONLY_USER};
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO ${POSTGRES_READONLY_USER};
+GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO ${POSTGRES_READONLY_USER};
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${POSTGRES_READONLY_USER};
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON SEQUENCES TO ${POSTGRES_READONLY_USER};