Re: Best practice to create a read-only user?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

default_transaction_read_only is just a default. Users can still disable it for themselves and it is not intended to act as a security measure. In the second example, user uuu could still create and modify data for which s/he has the privileges granted to do so by first issuing a "set transaction read write".

On Fri, May 3, 2013 at 10:03 AM, matthias ritzkowski <matthias@xxxxxxxxxxxxxxxx> wrote:
Hello,

Usually I would

create user uuu password 'ppp';
GRANT usage on schema zzz to uuu;
GRANT select on all tables in schema zzz to uuu;


But just this morning someone used
create user uuu password 'ppp';
alter user uuu set default_transaction_read_only = on;
GRANT select on all tables in schema zzz to uuu;

So I only added the grant usage and it worked fine.
What do people use day to day?

I had frankly never explored the default_transaction_read_only
parameter ...


--

regards
Matthias Ritzkowski
-marlinmobile-


--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux