I had the need to create a read-only user for a certain database in Redshift. Below is a runbook on how to accomplish this.
-- create user in `published` database
create user readonly_user with password '<password in plain text>';
-- create group to take perms
create group data_viewers;
-- add user to group
alter group data_viewers add user readonly_user;
-- revoke default create rights on public schema
revoke create on schema public from group data_viewers;
-- grant access to schema
grant usage on schema public to group data_viewers;
-- grant access to current tables in schema
grant select on all tables in schema public to group data_viewers;
-- grant access to future tables in the schema
alter default privileges in schema public grant select on tables to group data_viewers;
There. Short & sweet; Runbook for my future self. I found this elsewhere on the web, and neglected to save the reference. If you know where it came from, let me know, and I’ll ensure to give the appropriate citation. :)