Обсуждение: Permission ALTER PASSWORD

Поиск
Список
Период
Сортировка

Permission ALTER PASSWORD

От
"Anderson Alves de Albuquerque "
Дата:
 
 I have problem with permission, I need to use a user no SUPERUSER.
 
 I use commands:
CREATE ROLE $USER LOGIN;
ALTER user $USER noCREATEDB  NOCREATEROLE noCREATEUSER NOINHERIT; 
ALTER USER $USER with password 'XX';
REVOKE create on SCHEMA public from public;
revoke all on schema PUBLIC FROM $USER;
 
 With these commands MY user $USER don't have permission to create table and another thing. But I need that $USER can't have permission to change your password with:
psql -d $BD -h $HOST -U $USER
# ALTER $USER maluco with password  'YYY';
 
 After user $USER execute this ALTER, it get change PASSWORD. Could I block command ALTER password to user $USER? 
 

Re: [GENERAL] Permission ALTER PASSWORD

От
Decibel!
Дата:
On Wed, Aug 08, 2007 at 06:35:51PM -0300, Anderson Alves de Albuquerque  wrote:
>  After user $USER execute this ALTER, it get change PASSWORD. Could I block
> command ALTER password to user $USER?

No, there's no way to do that. You might want to look at using
ident-based authentication for that user instead.
--
Decibel!, aka Jim Nasby                        decibel@decibel.org
EnterpriseDB      http://enterprisedb.com      512.569.9461 (cell)

Вложения