In our production db infrastructure, we have one read_only role which has read privileges against all tables in schema A.
We are planning to grant this role to some developers for viewing the data, but also I want to limit the users from executing statements like copy or using pg_dump. Main reason being I don't want the data to be copied from the database to their local machines.
I tried by implementing triggers, but was not able to figure out a way to restrict the pg_dump and allow only select statements.
Is there a way to implement this? Please advise.
If you can query a table, then you can save the query contents to your local context. That's a fundamental law of nature, since you gave them read privs.
For example:
psql --host=SomeEC2Node $DB -Xc "SELECT * FROM read_only_table;" > read_only_table.txt