Tiger Cloud: Performance, Scale, Enterprise
Self-hosted products
MST
When you create a service, Tiger Cloud assigns you the tsdmadmin role. This role has full permissions to modify data in your service. However, Tiger Cloud does not provide superuser access. tsdmadmin is not a superuser.
As tsdmadmin, you can use standard Postgres means to create other roles or assign individual permissions. This page shows you how to create a read-only role for your database. Adding a read-only role does not provide resource isolation. To restrict the access of a read-only user, as well as isolate resources, create a read replica instead.
Important
The database-level roles for the individual services in your project do not overlap with the Tiger Cloud project user roles. This page describes the database-level roles. For user roles available in Console, see Control user access to Tiger Cloud projects.
You can create a read-only user to provide limited access to your database.
Connect to your service as the tsdbadmin user.
Create the new role:
CREATE ROLE readaccess;Grant the appropriate permissions for the role, as required. For example, to grant
SELECTpermissions to a specific table, use:GRANT SELECT ON <TABLE_NAME> TO readaccess;To grant
SELECTpermissions to all tables in a specific schema, use:GRANT SELECT ON ALL TABLES IN SCHEMA <SCHEMA_NAME> TO readaccess;Create a new user:
CREATE USER read_user WITH PASSWORD 'read_password';Assign the role to the new user:
GRANT readaccess TO read_user;
Keywords
Found an issue on this page?Report an issue
or Edit this page in GitHub.