| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Ravi Roy <ravi(dot)aroy(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Creating a role with read only privileges but user is allowed to change password |
| Date: | 2014-05-11 18:09:59 |
| Message-ID: | 536FBCF7.4010903@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 05/11/2014 10:17 AM, Ravi Roy wrote:
> Thanks a lot Tom, it worked by putting off the read only mode to off
> before changing the password and putting it on again.
>
>> SET default_transaction_read_only = off;
>
> Worked for me..
It works but the point Tom was making is here:
"You realize, I hope, that breaking out of that restriction is no harder
than issuing
SET default_transaction_read_only = off;
or even
BEGIN TRANSACTION READ WRITE;
So that ALTER ROLE might be of some use as a protection against accidental
changes, but it's certainly no form of security restriction. (What you
probably want to do instead of this is make sure the role doesn't have
select/update/delete privileges for any of your tables.)
"
Given that in your original post you said:
"Because I wanted this role to readonly (can not change anything in DB
but only view)."
you might want to rethink what you are doing.
>
> Many thanks to you!
>
> Regards
> Ravi
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G Johnston | 2014-05-11 20:01:00 | Re: Partitioning such that key field of inherited tables no longer retains any selectivity |
| Previous Message | Tim Kane | 2014-05-11 18:07:01 | Re: Re: Partitioning such that key field of inherited tables no longer retains any selectivity |