Grant access to tables selectively


I’m trying to use Neon with PostGraphile, a GraphQL interface to Postgres databases similar to Hasura. My setup uses selective GRANT SELECTs on tables to limit API access. In Neon, I cannot seem to revoke access to all tables. (I tried REVOKE ALL ON DATABASE [db] and REVOKE ALL ON SCHEMA public.)

Is this a limitation in my Postgres knowledge, or something about the way roles work in Neon?


1 Like


Currently we are granting pg_read_all_data and pg_write_all_data to Postgres users PostgreSQL: Documentation: 14: 22.5. Predefined Roles. That is why you can’t revoke per-schema/table access. We know that it is a problem and have a plan to fix it by neon/ at user_mgmt_rfc · neondatabase/neon · GitHub (most likely later this year).

1 Like