PostgreSQL privileges for read-only connection user in pg_ro_user

mloskot · April 6, 2021, 1:56pm

TL;TR: What are the required privileges for the read-only connection user?

Here is how I’m setting up the kongro user which I’m configuring the Kong with via KONG_PG_RO_USER=kongro:

CREATE USER kongro WITH PASSWORD 'secret';
GRANT CONNECT ON DATABASE kong TO kongro;
GRANT USAGE ON SCHEMA public TO kongro;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO kongro;
GRANT REFERENCES ON ALL TABLES IN SCHEMA public TO kongro;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO kongro;

However, I still see in the logs the messages like this:

could not rebuild router: could not load routes:
[postgres] ERROR: permission denied for relation routes (stale router will be used)

If I replace the kongro with username for the read-write connection, those disappear from the logs and all seems working fine.

How to configure the read-only connection user?

datong.sun · April 7, 2021, 3:23pm

Hello,

You can use feat(postgres) create read-only user 'kong_ro' · thibaultcha/kong-tests-compose@32d7dec · GitHub as a reference when we created a readonly user for the Kong’s CI environment.

mloskot · April 7, 2021, 4:32pm

This is helpful, thank you!

Topic		Replies	Views
Required Grants for Postgresql DB Questions	0	315	May 13, 2020
FATAL: too many connections for role "kong" Installation/Setup	2	2854	October 28, 2021
Postgres - Enabling certificate authentication (no password) Installation/Setup	0	582	August 8, 2022
Postgres connection settings are not auto-populated Questions	0	369	January 27, 2022
Force select query to go to Postgres master node in Kong	0	425	March 13, 2022

PostgreSQL privileges for read-only connection user in pg_ro_user

Related Topics