Thread: system variable can be edited by all user?
Hi,
I've created a read only user (SELECT PRIVILEGE) but it turns out that this user can do these queries: SHOW work_mem; SET work_mem='40MB'; How do I limit him?
Thanks,
Butching
On Tue, 2022-11-22 at 14:25 +0800, chris navarroza wrote:
> I've created a read only user (SELECT PRIVILEGE) but it turns out that this user
> can do these queries: SHOW work_mem; SET work_mem='40MB'; How do I limit him?

We call these "configuration parameters", and there is no way you can
prevent a database user from changing them for her session.

The recommendation is not to give untrustworthy users access to directly
run SQL statements on the database.

Yours,
Laurenz Albe
On 11/21/22 22:25, chris navarroza wrote:
> Hi,
>
> I've created a read only user (SELECT PRIVILEGE) but it turns out that
> this user can do these queries: SHOW work_mem; SET work_mem='40MB'; How
> do I limit him?

Short answer is what Laurenz Albe posted.

Long answer is:

From:

https://www.postgresql.org/docs/current/view-pg-settings.html

select name, setting, context from pg_settings where name = 'work_mem';

   name   | setting | context
----------+---------+---------
 work_mem | 4096    | user

user

    These settings can be set from postgresql.conf, or within a session via the SET command. Any user is allowed to change their session-local value. Changes in postgresql.conf will affect existing sessions only if no session-local value has been established with SET.

See page for the other possible values for context and what they mean with regard to privileges.

>
> Thanks,
>
> Butching
>

--
Adrian Klaver
adrian.klaver@aklaver.com
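Added example (not part of any message in this thread): a SQL script that generalizes the pg_settings query above from work_mem to every parameter, showing how many fall under each context, which resource-related ones any session may change, and which values the current session has overridden. The role name readonly_user is hypothetical.

```sql
-- Added example; "readonly_user" is a hypothetical role name.

-- 1. How many parameters fall under each context.
--    'user' parameters can be changed by any session with SET.
SELECT context, count(*) AS parameters
FROM pg_settings
GROUP BY context
ORDER BY parameters DESC;

-- 2. Resource-related parameters that any session may change,
--    i.e. the ones a "read only" role can still raise for itself.
SELECT name, setting, unit, category
FROM pg_settings
WHERE context = 'user'
  AND category LIKE 'Resource Usage%'
ORDER BY name;

-- 3. Run inside the session under review: parameters whose value
--    was established with SET in this session, with the value that
--    RESET would restore.
SELECT name, setting, unit, reset_val
FROM pg_settings
WHERE source = 'session'
ORDER BY name;

-- 4. Role-level defaults, run as an administrator. They are applied
--    when the role starts a new session. Both parameters have
--    context 'user', so the role can still override them with SET.
ALTER ROLE readonly_user SET work_mem = '4MB';
ALTER ROLE readonly_user SET statement_timeout = '30s';

-- 5. Review the per-role defaults currently stored in the catalog.
SELECT r.rolname, s.setdatabase, s.setconfig
FROM pg_db_role_setting AS s
JOIN pg_roles AS r ON r.oid = s.setrole
WHERE r.rolname = 'readonly_user';
```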
On Tue, 22 Nov 2022 at 09:07, chris navarroza <canavarroza.work@gmail.com> wrote:
> Hi,
>
> I've created a read only user (SELECT PRIVILEGE) but it turns out that this user can do these queries: SHOW work_mem; SET work_mem='40MB'; How do I limit him?
>
> Thanks,
>
> Butching