| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Gambhir Singh <gambhir(dot)singh05(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Predefined Role - pg_write_all_data |
| Date: | 2023-10-26 05:34:47 |
| Message-ID: | 354278ddf78e0160dccf96927213d6e5cac92d75.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Wed, 2023-10-25 at 20:30 +0530, Gambhir Singh wrote:
> Please help me to understand if we grant pg_write_all data role to some user then does
> that user get ability to do DML operations on system catalogs and system views.
>
> if yes then how we can restrict them.
Trying it out would have been less effort than writing this e-mail:
You are now connected to database "x" as user "postgres".
x=# GRANT pg_write_all_data TO laurenz;
GRANT ROLE
x=# SET SESSION AUTHORIZATION laurenz;
SET
x=> DELETE FROM pg_class;
ERROR: permission denied for table pg_class
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ron Watkins | 2023-10-26 19:39:55 | GCP Postgres denied connection requests for user. |
| Previous Message | Victor Sudakov | 2023-10-26 03:14:08 | pgbouncer's default_pool_size and server limits |