Permissions Setting in Postgresql Database

Heya,

Just preparing to start exploring Render Postgresql for the first time and wondering what types of permissions would need to be set on a new database?

i.e. What permissions does the new user have when you create a database.

Is it a superuser, and therefore would you need to take care of the majority of permissions administration for the database? Or, is it a user with less privileges?

Hi there,

Thanks for reaching out.

Render Postgres is a managed service, so you don’t have superuser access. Is there a particular permission you looking for/running up against?

Thanks

Alan

Thanks Alan, good to know.

No issues at all, literally just exploring/understanding before using.

Some advice you see in terms of security best practices is along the lines of…

REVOKE ALL ON DATABASE mydb FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

Then create separate roles for app_admin and app_user and GRANT least permissions selectively to these roles.

My assumption is that the new user you get when creating a new database in Render is essentially a kind of app_admin user.

Yes, the default user will have a lot of privileges, but it’s not a superuser. You’d likely want to retain the default as an admin-like user and create others with less permission as required for your use-case.

Alan