On Thu, May 2, 2024 at 1:47 AM RAJAMOHAN <garajamo...@gmail.com> wrote:
> Hello all, > > In our production db infrastructure, we have one read_only role which has > read privileges against all tables in schema A. > > We are planning to grant this role to some developers for viewing the > data, but also I want to limit the users from executing statements like > copy or using pg_dump. Main reason being I don't want the data to be copied > from the database to their local machines. > > I tried by implementing triggers, but was not able to figure out a way to > restrict the pg_dump and allow only select statements. > > Is there a way to implement this? Please advise. > <garajamo...@gmail.com> > If you can query a table, then you can save the query contents to your local context. That's a fundamental law of nature, since you gave them read privs. For example: psql --host=SomeEC2Node $DB -Xc "SELECT * FROM read_only_table;" > read_only_table.txt That even works on Windows.
