TL;TR: What are the required privileges for the read-only connection user?
Here is how I’m setting up the
kongro user which I’m configuring the Kong with via
CREATE USER kongro WITH PASSWORD 'secret'; GRANT CONNECT ON DATABASE kong TO kongro; GRANT USAGE ON SCHEMA public TO kongro; GRANT SELECT ON ALL TABLES IN SCHEMA public TO kongro; GRANT REFERENCES ON ALL TABLES IN SCHEMA public TO kongro; GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO kongro;
However, I still see in the logs the messages like this:
could not rebuild router: could not load routes: [postgres] ERROR: permission denied for relation routes (stale router will be used)
If I replace the
kongro with username for the read-write connection, those disappear from the logs and all seems working fine.
How to configure the read-only connection user?