Re: New Role drop with Grant/Revokes stop working after subsequent runs
| От | David G. Johnston |
|---|---|
| Тема | Re: New Role drop with Grant/Revokes stop working after subsequent runs |
| Дата | |
| Msg-id | CAKFQuwbkc5NW3UW4EVoifHjYTwEvrAEfNAEkREQU2fz82feGxg@mail.gmail.com обсуждение исходный текст |
| Ответ на | New Role drop with Grant/Revokes stop working after subsequent runs (AC Gomez <antklc@gmail.com>) |
| Ответы |
Re: New Role drop with Grant/Revokes stop working after subsequentruns
|
| Список | pgsql-general |
On Wed, May 6, 2020 at 5:05 PM AC Gomez <antklc@gmail.com> wrote:
We have developed some code that creates a new role to be used as the main role for DB usage. This code will be called on a predetermined frequency to act a role/pwd rotation mechanism.
Each time the code is run we feed it the prior role that was created (the Db owner being the initial role fed in).
Frankly, I don't know why your algorithm is failing to work but I'd suggest you implement a better algorithm.
Ownership and permissions are granted to roles (groups) that are not allowed to login.
Login roles are made members of the group roles.
I suppose the main question is, why would a bunch of grant and revoke commands run and not do anything, not even throw an error?
Maybe its a bug? - I doubt this kind of manipulation is all that common or tested given the presence of what seems to be a superior alternative.
David J.
В списке pgsql-general по дате отправления: