3

I have two users in postgresql one of which is called migration and is used when Rails runs migrations on the production server. This user owns the production database. I also have production user who is supposed to have only the following privileges: SELECT, INSERT, UPDATE, DELETE on the production database.

Problem is, every time a new table is created, I have to manually run this in psql:

GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO production;

-- next line is needed for each new table which has an auto incrementing field, in this case - table `users`
GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO production;

because permissions for production user on newly created tables are not set automatically. What's the best way to do it automatically when running migrations? Any script available for Rails/Capistrano?

Improve this question
1
  • Did default privileges work for you? I'm having a very similar issue, except it has to do with my backup software. Every time a new table is created, backup user can't read it... yet I AM using default privs, seen clearly from \ddp. Commented Sep 3, 2015 at 14:19

1 Answer 1

Reset to default
4

You could use Postgres' ALTER DEFAULT PRIVILEGES to have it automatically assign the rights to production for all newly created tables.

Alternatively, you could write a custom Capistrano task to set the permissions that is called through the after "deploy:migrate", "mycustomtaskname" hook. This pastie might give you a few good hints on how to interact with pgsql through Capistrano, for example how to provide the password interactively.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, looks like ALTER DEFAULT PRIVILIGES is something that would save me from writing a custom Capistrano task and would replace very well both GRANT statements in my question. I will mark the answer correct as soon as I test how good the first solution works.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.