From: | "E(dot) S(dot)" <yields(dot)falsehood(at)gmail(dot)com> |
---|---|
To: | matthias ritzkowski <matthias(at)marlinmobile(dot)com> |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: Best practice to create a read-only user? |
Date: | 2013-05-03 15:05:23 |
Message-ID: | CAGHT9YP2VBu-WKszP+NarOZZ8mfNWEJ+m=O4QzSNtabxCyP8Gg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
default_transaction_read_only is just a default. Users can still disable it
for themselves and it is not intended to act as a security measure. In the
second example, user uuu could still create and modify data for which s/he
has the privileges granted to do so by first issuing a "set transaction
read write".
On Fri, May 3, 2013 at 10:03 AM, matthias ritzkowski <
matthias(at)marlinmobile(dot)com> wrote:
> Hello,
>
> Usually I would
>
> create user uuu password 'ppp';
> GRANT usage on schema zzz to uuu;
> GRANT select on all tables in schema zzz to uuu;
>
>
> But just this morning someone used
> create user uuu password 'ppp';
> alter user uuu set default_transaction_read_only = on;
> GRANT select on all tables in schema zzz to uuu;
>
> So I only added the grant usage and it worked fine.
> What do people use day to day?
>
> I had frankly never explored the default_transaction_read_only
> parameter ...
>
>
> --
>
> regards
> Matthias Ritzkowski
> -marlinmobile-
>
>
> --
> Sent via pgsql-admin mailing list (pgsql-admin(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-admin
>
From | Date | Subject | |
---|---|---|---|
Next Message | Rodrigo Barboza | 2013-05-03 15:09:00 | pg_stat_tmp file |
Previous Message | Ray Stell | 2013-05-03 14:28:38 | Re: Problem: pg_hba.conf is automatically rewritten every day |