Re: thread by Jessica Richards on read only permissions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Mija Lee <mija(at)scharp(dot)org>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: thread by Jessica Richards on read only permissions
Date: 2007-10-26 20:10:58
Message-ID: 25810.1193429458@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

Mija Lee <mija(at)scharp(dot)org> writes:
> I wanted to follow up on the thread opened by Jessica Richards on
> granting read only permissions. Basically it sounded like there were two
> options:

> 1. granting select on each table
> 2. alter user set default_transaction_read_only to true

You do realize that #2 is completely insecure? It's only establishing a
session default, which the user can override with a simple SET.

regards, tom lane

In response to

Responses

Browse pgsql-novice by date

  From Date Subject
Next Message Mija Lee 2007-10-27 00:09:32 Re: thread by Jessica Richards on read only permissions
Previous Message Mija Lee 2007-10-26 19:56:11 thread by Jessica Richards on read only permissions