bitnine-oss / agensgraph

AgensGraph, a transactional graph database based on PostgreSQL
http://www.agensgraph.org

Read-only users can alter and remove things #516

Open pebbe opened 4 years ago

pebbe commented 4 years ago

As the default user, I create a graph with some objects, and grant read access to user guest:

 $ agens
agens (AgensGraph 2.2devel, based on PostgreSQL 10.4)
Type "help" for help.

peter=# create graph mygraph;
CREATE GRAPH
peter=# create (:obj1);
UPDATE 1
peter=# create (:obj2);
UPDATE 1
peter=# GRANT USAGE ON SCHEMA mygraph TO guest;
GRANT
peter=# GRANT SELECT ON ALL TABLES IN SCHEMA mygraph TO guest;
GRANT
peter=# ALTER DEFAULT PRIVILEGES IN SCHEMA mygraph GRANT SELECT ON TABLES TO guest;
ALTER DEFAULT PRIVILEGES
peter=# \q

Now I log in as user guest. I can't add new objects to the graph, but I can add attributes to existing objects, and I can delete objects:

 $ agens -U guest -d peter
agens (AgensGraph 2.2devel, based on PostgreSQL 10.4)
Type "help" for help.

peter=> set graph_path = 'mygraph';
SET
peter=> create (:obj1{foo:'bar'});
ERROR:  permission denied for sequence obj1_id_seq
peter=> create (:obj3);
ERROR:  permission denied for schema mygraph
CONTEXT:  SQL statement "CREATE VLABEL "obj3""
peter=> match (o:obj1) set o.foo = true;
UPDATE 1
peter=> match (o:obj1) return o;
           o            
------------------------
 obj1[3.1]{"foo": true}
(1 row)

peter=> match (o:obj1) delete o;
UPDATE 1
peter=> match (o:obj1) return o;
 o 
---
(0 rows)

How do I create a truly read-only user, who can't change or delete anything in my graph?
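A diagnostic a practitioner would run before relying on such a grant, added here as an example and not taken from the issue or from the AgensGraph project: compare what the PostgreSQL catalog says the `guest` role may do on the label tables with what plain SQL DML is allowed to do, so the Cypher `SET`/`DELETE` results above can be attributed to the Cypher execution path rather than to the table ACLs. It assumes the graph `mygraph` and role `guest` from the report, that label tables are ordinary tables with a `properties` column (an assumption about AgensGraph's label storage), and that the connected user may `SET ROLE guest` (a superuser or a member of `guest`); otherwise run the second part in a `guest` session. The DML runs inside a transaction that is rolled back, so nothing is changed.

```sql
-- Added diagnostic; not part of the issue or the AgensGraph code base.
-- Assumes graph "mygraph" and role "guest" as set up in the report above.

-- 1. Catalog view: which table-level privileges does guest hold on each
--    table in the graph schema? After the GRANTs in the report, only
--    can_select should be true.
SELECT c.relname,
       has_table_privilege('guest', c.oid, 'SELECT') AS can_select,
       has_table_privilege('guest', c.oid, 'INSERT') AS can_insert,
       has_table_privilege('guest', c.oid, 'UPDATE') AS can_update,
       has_table_privilege('guest', c.oid, 'DELETE') AS can_delete
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'mygraph'
  AND c.relkind = 'r'
ORDER BY c.relname;

-- 2. Enforcement view: try the same modifications through plain SQL as
--    guest. If these raise "permission denied" while the Cypher SET and
--    DELETE in the report succeed, the ACL is enforced for SQL DML but
--    bypassed by the Cypher path. Rolled back either way.
BEGIN;
SET ROLE guest;                                  -- assumption: caller may assume guest
UPDATE mygraph.obj1
   SET properties = properties || '{"foo": true}'::jsonb;  -- assumption: jsonb "properties" column
DELETE FROM mygraph.obj1;
RESET ROLE;
ROLLBACK;
```

Keeping the catalog query in a scheduled check (or a CI step for the database's privilege setup) gives an early signal when a role acquires INSERT, UPDATE or DELETE it should not have; the transactional DML probe is the complementary test that the ACLs are actually enforced on the path applications use.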