Create a read-only role

Snaplet connects to your PostgresQL database in order to create snapshots. We recommend that you give us read-only access to your database, and that you restrict connection to a specific set of IP addresses.

Never cry over split milk!

Connect to your database and run the following SQL statements. These creates a snaplet_readonly user with the password a very good password and gives them the snaplet_read_all_data role.

PostgresQL v14 includes a pg_read_all_data role. Run SELECT version() in PostgresQL to determine your version.

warning

Change the username and the password!

PostgresQL v14
PostgresQL v13 and below

SELECT version();-- Create a "snaplet_readonly" user and associate the "pg_read_all_data" role.CREATE USER snaplet_readonly WITH PASSWORD 'a very good password';GRANT pg_read_all_data TO snaplet_readonly;

SELECT version();CREATE ROLE snaplet_read_all_data;DO $do$DECLARE    sch text;BEGIN    FOR sch IN SELECT schema_name FROM information_schema.schemata WHERE schema_name NOT LIKE 'pg_%' AND schema_name != 'information_schema'    LOOP        EXECUTE format($$ GRANT USAGE ON SCHEMA %I TO snaplet_read_all_data $$, sch);        EXECUTE format($$ GRANT SELECT ON ALL TABLES IN SCHEMA %I TO snaplet_read_all_data $$, sch);        EXECUTE format($$ ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT SELECT ON TABLES TO snaplet_read_all_data $$, sch);    END LOOP;END;$do$;-- Create a "snaplet_readonly" user and associate the "snaplet_read_all_data" role.CREATE USER snaplet_readonly WITH PASSWORD 'a very good password';GRANT snaplet_read_all_data TO snaplet_readonly;