Grant access to tables selectively

jcassee · August 31, 2022, 10:22pm

Hi,

I’m trying to use Neon with PostGraphile, a GraphQL interface to Postgres databases similar to Hasura. My setup uses selective GRANT SELECTs on tables to limit API access. In Neon, I cannot seem to revoke access to all tables. (I tried REVOKE ALL ON DATABASE [db] and REVOKE ALL ON SCHEMA public.)

Is this a limitation in my Postgres knowledge, or something about the way roles work in Neon?

Best,
Joost

Stas_Kelvich · September 16, 2022, 12:57pm

Hi!

Currently we are granting pg_read_all_data and pg_write_all_data to Postgres users PostgreSQL: Documentation: 14: 22.5. Predefined Roles. That is why you can’t revoke per-schema/table access. We know that it is a problem and have a plan to fix it by neon/017-user-management.md at user_mgmt_rfc · neondatabase/neon · GitHub (most likely later this year).