| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Sameer Kumar <sameer(dot)kumar(at)ashnik(dot)com> |
| Cc: | PostgreSQL General Discussion Forum <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Limiting user from changing its own attributes |
| Date: | 2015-04-10 16:57:26 |
| Message-ID: | CAKFQuwYLi+YqhUhTwj3m2RkWM4oE8c39TMeXPWbK2=6piHia6A@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Apr 10, 2015 at 9:01 AM, Sameer Kumar <sameer(dot)kumar(at)ashnik(dot)com>
wrote:
> Hi,
>
> In PostgreSQL a user can alter itself to change its user level parameters.
> e.g. I can alter the user to change work_mem -
>
>
> psql -U user1 -d postgres
> postgres=# alter user user user1 set work_mem to '1024000';
>
Is this a typo? - the above has a syntax error...
ALTER ROLE
> postgres=#
>
> Is there a way I restrict this behavior? or atleast put a restriction on
> the certain parameters e.g. work_mem to be not set to too high?
>
>
Not that I'm aware of - and the ability to change parameters is not
limited to ALTER ROLE.
Setting "work_mem" too low can be just as problematic as setting it too
high. This one could probably be solved readily enough but you sound like
you are looking for some blanket capability to either add targeted security
about GUCs or setup a way to alter generically the "upper_bound,
lower_bound" properties of numeric variables. Upper is somewhat easier
but currently the system would only recognize a global constraint.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Keith Fiske | 2015-04-10 17:00:18 | Re: Background worker assistance & review |
| Previous Message | Sameer Kumar | 2015-04-10 16:01:25 | Limiting user from changing its own attributes |