Ravi Roy <ravi.aroy@xxxxxxxxx> writes: > I've created a role named "MyRole" in posgresql with the following : > CREATE ROLE "MyRole" NOSUPERUSER LOGIN NOCREATEDB NOCREATEROLE NOINHERIT > PASSWORD "MyPassword"; > ALTER ROLE "MyRole" set default_transaction_read_only = on; > Because I wanted this role to readonly (can not change anything in DB but > only view). You realize, I hope, that breaking out of that restriction is no harder than issuing SET default_transaction_read_only = off; or even BEGIN TRANSACTION READ WRITE; So that ALTER ROLE might be of some use as a protection against accidental changes, but it's certainly no form of security restriction. (What you probably want to do instead of this is make sure the role doesn't have select/update/delete privileges for any of your tables.) > But later I realized this role is not even allowed to change his password. Just do one of the above things first... regards, tom lane
