Re: Predefined Role - pg_write_all_data

Поиск
Список
Период
Сортировка
От Laurenz Albe
Тема Re: Predefined Role - pg_write_all_data
Дата
Msg-id 354278ddf78e0160dccf96927213d6e5cac92d75.camel@cybertec.at
обсуждение исходный текст
Ответ на Predefined Role - pg_write_all_data  (Gambhir Singh <gambhir.singh05@gmail.com>)
Список pgsql-admin
Дерево обсуждения 
On Wed, 2023-10-25 at 20:30 +0530, Gambhir Singh wrote:
> Please help me to understand if we grant pg_write_all data role to some user then does
> that user get ability to do DML operations on system catalogs and system views.
>
> if yes then how we can restrict them.

Trying it out would have been less effort than writing this e-mail:

You are now connected to database "x" as user "postgres".
x=# GRANT pg_write_all_data TO laurenz;
GRANT ROLE
x=# SET SESSION AUTHORIZATION laurenz;
SET
x=> DELETE FROM pg_class;
ERROR:  permission denied for table pg_class

Yours,
Laurenz Albe

В списке pgsql-admin по дате отправления:

Предыдущее
От: Victor Sudakov
Дата:
Сообщение: pgbouncer's default_pool_size and server limits
Следующее
От: Ron Watkins
Дата:
Сообщение: GCP Postgres denied connection requests for user.