Re: Creating a role with read only privileges but user is allowed to change password
| От | Adrian Klaver |
|---|---|
| Тема | Re: Creating a role with read only privileges but user is allowed to change password |
| Дата | |
| Msg-id | 536FBCF7.4010903@aklaver.com обсуждение исходный текст |
| Ответ на | Re: Creating a role with read only privileges but user is allowed to change password (Ravi Roy <ravi.aroy@gmail.com>) |
| Ответы |
Re: Creating a role with read only privileges but user is allowed
to change password
Re: Creating a role with read only privileges but user is allowed to change password |
| Список | pgsql-general |
On 05/11/2014 10:17 AM, Ravi Roy wrote: > Thanks a lot Tom, it worked by putting off the read only mode to off > before changing the password and putting it on again. > >> SET default_transaction_read_only = off; > > Worked for me.. It works but the point Tom was making is here: "You realize, I hope, that breaking out of that restriction is no harder than issuing SET default_transaction_read_only = off; or even BEGIN TRANSACTION READ WRITE; So that ALTER ROLE might be of some use as a protection against accidental changes, but it's certainly no form of security restriction. (What you probably want to do instead of this is make sure the role doesn't have select/update/delete privileges for any of your tables.) " Given that in your original post you said: "Because I wanted this role to readonly (can not change anything in DB but only view)." you might want to rethink what you are doing. > > Many thanks to you! > > Regards > Ravi -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: