From: | Craig Ringer <craig(at)2ndquadrant(dot)com> |
---|---|
To: | rajan <vgmonnet(at)gmail(dot)com> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Disabling START TRANSACTION for a SuperUser |
Date: | 2015-10-27 12:23:02 |
Message-ID: | CAMsr+YGSm0cWV1iiTa8g-oyfcDzSiTAY1kmF-ZQJn8Wz=P8KnA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 27 October 2015 at 18:25, rajan <vgmonnet(at)gmail(dot)com> wrote:
> Hi,
>
> I have created a readonly user by executing the following statements,
> CREATE USER backupadm SUPERUSER password 'mypass';
A superuser can never be a read only user.
> ALTER USER backupadm set default_transaction_read_only = on;
They can just
SET default_transaction_read_only = off;
to get around that. It has no useful effect for security.
> But the backupadm user is able to create/update table when using START
> TRANSACTION READ WRITE and then COMMIT;
>
> Is there any way to block/disabling an User from running Transactions?
No, it's fundamentally impossible, because the statements you
mentioned - like CREATE USER - also run within transactions.
You could stop them from running an explicit transaction, but that
wouldn't stop them using CREATE TABLE, UPDATE, etc, as stand-alone
statements.
What you appear to want can be achieved, albeit with some difficulty,
using an ExecutorStart_hook and ProcessUtility_hook, implemented with
a C extension. You can find an example of one in pg_stat_statements,
sepgsql, and in the BDR source code. The latter uses it for a similar
purpose to what you describe - to limit what commands can be run.
Doing that securely will be challenging.
--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Fabrízio de Royes Mello | 2015-10-27 13:14:15 | Re: Getting sorted data from foreign server |
Previous Message | rajan | 2015-10-27 10:25:31 | Disabling START TRANSACTION for a SuperUser |