Hi
Is there a global switch that can set the entire cluster to read-only in YugabyteDB?
That is to say, after setting the switch, all nodes in the cluster will accept user operations only as read-only, and write operations will be rejected.
Thanks a lot.
Hi @ZhenNan2016
There is no such mode. Maybe you can create a read-only user in YSQL?
There is a parameter called default_transaction_read_only that can be set to make all transactions read only.
See: Make a Database Read Only
See: Ensure a Read Replica Cluster is Strictly Read-Only
However, the setting can be overridden easily at the session level.
As Dorian suggested, a read only user is a good option.
See: Create a Read Only User
Note that PG15 support is coming to YB! So the pg_read_all_data role will be available real soon!
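The two options from the replies above, written out as YSQL statements. This is an added example, not part of the original posts. The names app_db, app_ro and t_probe and the password are assumptions, and the statements use PostgreSQL syntax, which YSQL follows.

```sql
-- Added example. app_db, app_ro, t_probe and the password are
-- constructed placeholders, not names from the thread.

-- Option 1: database-wide default. Sessions opened on app_db after
-- this statement start with read-only transactions.
ALTER DATABASE app_db SET default_transaction_read_only = on;

-- In a NEW session connected to app_db:
SHOW default_transaction_read_only;   -- on
CREATE TABLE t_probe (id int);        -- rejected: transaction is read-only

-- The limitation noted in the thread: the same session can turn the
-- default off again, so this setting is a guard rail, not an access control.
SET default_transaction_read_only = off;
CREATE TABLE t_probe (id int);        -- now succeeds
DROP TABLE t_probe;

-- Option 2: a read-only role. Enforcement comes from privileges,
-- which a session setting cannot override.
CREATE ROLE app_ro LOGIN PASSWORD 'change-me';
GRANT CONNECT ON DATABASE app_db TO app_ro;
GRANT USAGE ON SCHEMA public TO app_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO app_ro;

-- Tables created later by the role running this statement also
-- become readable by app_ro.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO app_ro;

-- On PostgreSQL versions before 15, every role may create objects in
-- the public schema through the PUBLIC pseudo-role. Remove that, or a
-- "read-only" role can still create and fill its own tables.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Check: the only privilege listed for app_ro should be SELECT.
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'app_ro'
ORDER BY table_schema, table_name, privilege_type;
```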
Hi, @Jim_Knicely.
Thanks for the reply.
Read-only switches based on session level may not fulfill the requirements. My requirement is that I want all sessions, all users, to have read-only access to the database, not write.
Thanks a lot.
Can you explain the requirement more? Why can’t you just create read-only users?
Hi.
There is such a scenario: the user originally has read and write permissions, but when a certain condition is triggered, we do not want the user to continue to write data, only to read the old data.
If the control is based on the user, there are two demand points:
1. If the user has already been created with read and write access, it also needs to be changed to read-only, preventing further writes.
2. If you re-create a user that can perform read and write operations, it still has read and write permissions. This way, the user can’t be in a read-only state after a certain condition is triggered.
Thanks a lot.
I didn’t understand why you can’t use per-role though. Why not alter role and only allow reads when your condition is triggered?
Hi
If the user permissions are controlled to be read-only, it is OK for old usernames. If you create another user, is it possible to read and write to the database again? To draw an analogy:
The original test-a is set to read-only, no problem. However, if you re-create test-b, you can read and write again, which violates the “read-only” principle.
The general principle is that you want the entire cluster, i.e. all nodes, to be read-only for all user operations.
Thanks.