django-sql-dashboard documentation, Release 1.2-1-g422fce1
This grants that role the ability to see what tables exist. You then need to grant SELECT access to specific tables like
this:
GRANT SELECT ON TABLE
    public.locations_location,
    public.locations_county,
    public.django_content_type,
    public.django_migrations
TO "my-read-only-role";
Think carefully about which tables you expose to the dashboard - in particular, you should avoid exposing tables that
contain sensitive data such as auth_user or django_session.
If you do want to expose auth_user - which can be useful if you want to join other tables against it to see details of
the user that created another record - you can grant access to specific columns like so:
GRANT SELECT(
    id, last_login, is_superuser, username, first_name,
    last_name, email, is_staff, is_active, date_joined
) ON auth_user TO "my-read-only-role";
This will allow queries against everything except for the password column.
Note that if you use this pattern the query select * from auth_user will return a “permission denied” error.
You will need to explicitly list the columns you would like to see from that table instead, for example select id,
username, date_joined from auth_user.
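To confirm that the grants above took effect, the following two queries list what the role can actually read. This is an added example, not part of the django-sql-dashboard documentation; it assumes the role name "my-read-only-role" used on this page, that the Django tables live in the public schema, and that auth_user and django_session both exist.

```sql
-- Added example: audit the effective read access of "my-read-only-role".
-- has_table_privilege / has_column_privilege report effective privileges,
-- so access inherited through PUBLIC or role membership shows up as well.

-- 1. Relations in the public schema that the role can read in full
--    (tables, partitioned tables, views, materialized views).
SELECT c.relname AS table_name
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p', 'v', 'm')
  AND has_table_privilege('my-read-only-role', c.oid, 'SELECT')
ORDER BY c.relname;

-- 2. Column-by-column view of the two sensitive tables named above.
--    A column counts as readable if SELECT is held on the column itself
--    or on the whole table.
SELECT a.attrelid::regclass AS table_name,
       a.attname            AS column_name,
       has_column_privilege('my-read-only-role',
                            a.attrelid, a.attnum, 'SELECT') AS can_select
FROM pg_attribute AS a
WHERE a.attrelid IN ('public.auth_user'::regclass,
                     'public.django_session'::regclass)
  AND a.attnum > 0          -- skip system columns
  AND NOT a.attisdropped    -- skip dropped columns
ORDER BY a.attrelid, a.attnum;
```

If auth_user or django_session appears in the first result, or the second result shows can_select as true for password or for any django_session column, the role has more access than the grants on this page intend.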
1.4 Configuring the “dashboard” database alias
Django SQL Dashboard defaults to executing all queries using the "dashboard" Django database alias.
You can define this "dashboard" database alias in settings.py. Your DATABASES section should look something
like this:
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": "mydb",
        "USER": "read_write_user",
        "PASSWORD": "read_write_password",
        "HOST": "dbhost.example.com",
        "PORT": "5432",
    },
    "dashboard": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": "mydb",
        "USER": "read_only_user",
        "PASSWORD": "read_only_password",
        "HOST": "dbhost.example.com",
        "PORT": "5432",
        "OPTIONS": {
            "options": "-c default_transaction_read_only=on -c statement_timeout=100"
        },