Postgres Pro
Downloads
Home   >   mailing lists

Re: Creating a role with read only privileges but user is allowed to change password - Mailing list pgsql-general

From Adrian Klaver
Subject Re: Creating a role with read only privileges but user is allowed to change password
Date
Msg-id 536FBCF7.4010903@aklaver.com
Whole thread Raw
In response to Re: Creating a role with read only privileges but user is allowed to change password  (Ravi Roy <ravi.aroy@gmail.com>)
Responses Re: Creating a role with read only privileges but user is allowed to change password
Re: Creating a role with read only privileges but user is allowed to change password
List pgsql-general
Tree view 
On 05/11/2014 10:17 AM, Ravi Roy wrote:
> Thanks a lot Tom, it worked by putting off the read only mode to off
> before changing the password and putting it on again.
>
>> SET default_transaction_read_only = off;
>
> Worked for me..

It works but the point Tom was making is here:

"You realize, I hope, that breaking out of that restriction is no harder
than issuing

SET default_transaction_read_only = off;

or even

BEGIN TRANSACTION READ WRITE;

So that ALTER ROLE might be of some use as a protection against accidental
changes, but it's certainly no form of security restriction.  (What you
probably want to do instead of this is make sure the role doesn't have
select/update/delete privileges for any of your tables.)
"

Given that in your original post you said:

"Because I wanted this role to readonly (can not change anything in DB
but only view)."


you might want to rethink what you are doing.

>
> Many thanks to you!
>
> Regards
> Ravi

--
Adrian Klaver
adrian.klaver@aklaver.com

pgsql-general by date:

Previous
From: Tim Kane
Date:
Subject: Re: Re: Partitioning such that key field of inherited tables no longer retains any selectivity
Next
From: David G Johnston
Date:
Subject: Re: Partitioning such that key field of inherited tables no longer retains any selectivity