From: | Thom Brown <thombrown(at)gmail(dot)com> |
---|---|
To: | Kevin Kempter <kevink(at)consistentstate(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org, Merlin Moncure <mmoncure(at)gmail(dot)com>, Antonio Goméz Soto <antonio(dot)gomez(dot)soto(at)gmail(dot)com>, Nilesh Govindarajan <lists(at)itech7(dot)com> |
Subject: | Re: How to grant a user read-only access to a database? |
Date: | 2010-03-03 15:06:21 |
Message-ID: | bddc86151003030706l1a50b54as9d07f7f5c748b535@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 3 March 2010 14:51, Kevin Kempter <kevink(at)consistentstate(dot)com> wrote:
> On Wednesday 03 March 2010 07:29:21 am Merlin Moncure wrote:
>> On Tue, Mar 2, 2010 at 9:56 AM, Thom Brown <thombrown(at)gmail(dot)com> wrote:
>> > As far as I'm aware. It's only in the upcoming version 9.0 that you
>> > can do things like:
>> >
>> > GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;
>> >
>> > Other folk on here may have some alternative suggestions though.
>>
>> 9.0 will also have the hot standby feature. setting up a standby is
>> pretty much always a good idea and access to the standby is
>> automatically read only. this would be a cheap way to get what you
>> want without dealing with privileges which is nice. you are also
>> relatively insulated from problematic queries the user might make like
>> accidental unconstrained joins, full table sorts etc..
>>
>> merlin
>
>
> I believe all you have to do is this to create a read only user:
>
> create user ro_user with password 'passwd';
>
> alter user ro_user set default_transaction_read_only = true;
>
I believe that will only affect the *default* setting of the
transaction. The user could still run the following before a query to
write again:
SET SESSION CHARACTERISTICS AS TRANSACTION READ WRITE
Thom
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2010-03-03 15:18:38 | Re: LDAP Login Problem |
Previous Message | Ivan Sergio Borgonovo | 2010-03-03 15:05:29 | bug in function arguments "recognition" |