Re: Best practice to create a read-only user? - Mailing list pgsql-admin

From E. S.
Subject Re: Best practice to create a read-only user?
Date
Msg-id CAGHT9YP2VBu-WKszP+NarOZZ8mfNWEJ+m=O4QzSNtabxCyP8Gg@mail.gmail.com
In response to Best practice to create a read-only user?  (matthias ritzkowski <matthias@marlinmobile.com>)
List pgsql-admin
default_transaction_read_only is just a default. Users can still disable it for themselves and it is not intended to act as a security measure. In the second example, user uuu could still create and modify data for which s/he has the privileges granted to do so by first issuing a "set transaction read write".

On Fri, May 3, 2013 at 10:03 AM, matthias ritzkowski <matthias@marlinmobile.com> wrote:
Hello,

Usually I would

create user uuu password 'ppp';
GRANT usage on schema zzz to uuu;
GRANT select on all tables in schema zzz to uuu;


But just this morning someone used
create user uuu password 'ppp';
alter user uuu set default_transaction_read_only = on;
GRANT select on all tables in schema zzz to uuu;

So I only added the grant usage and it worked fine.
What do people use day to day?

I had frankly never explored the default_transaction_read_only
parameter ...


--

regards
Matthias Ritzkowski
-marlinmobile-
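
Added example, not part of either message in this thread: a PostgreSQL script showing that default_transaction_read_only is only a session default, next to read-only access enforced by privileges. The table zzz.t and the stray UPDATE grant are assumptions made for the demonstration; uuu, zzz and ppp are the names used above.

```sql
-- Added example. zzz.t is a hypothetical table; run in a scratch database.

-- [session 1: superuser or schema owner] set up the variant from the thread,
-- with an UPDATE privilege left in place by mistake.
CREATE SCHEMA zzz;
CREATE TABLE zzz.t (id int PRIMARY KEY, note text);
INSERT INTO zzz.t VALUES (1, 'original');

CREATE USER uuu PASSWORD 'ppp';
ALTER USER uuu SET default_transaction_read_only = on;  -- applied at login
GRANT USAGE ON SCHEMA zzz TO uuu;
GRANT SELECT, UPDATE ON ALL TABLES IN SCHEMA zzz TO uuu;

-- [session 2: a new connection logged in as uuu]
-- This statement is rejected, because the transaction starts read-only.
UPDATE zzz.t SET note = 'changed' WHERE id = 1;

-- The same statement is accepted once uuu switches the transaction mode,
-- which any user may do for their own transactions.
BEGIN;
SET TRANSACTION READ WRITE;
UPDATE zzz.t SET note = 'changed' WHERE id = 1;
ROLLBACK;

-- [session 1] enforce read-only with privileges; the setting stays as a
-- guard rail against accidents, not as the access control.
REVOKE ALL ON ALL TABLES IN SCHEMA zzz FROM uuu;
GRANT SELECT ON ALL TABLES IN SCHEMA zzz TO uuu;

-- Tables created later in zzz by the role running this statement become
-- readable too (use FOR ROLE ... to cover tables created by other roles).
ALTER DEFAULT PRIVILEGES IN SCHEMA zzz GRANT SELECT ON TABLES TO uuu;

-- Audit: any row returned is a relation uuu can still modify, whether the
-- privilege was granted directly, through PUBLIC, or through a role it is in.
SELECT c.oid::regclass AS relation
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'zzz'
  AND c.relkind IN ('r', 'p', 'v', 'm')
  AND has_table_privilege('uuu', c.oid, 'INSERT, UPDATE, DELETE, TRUNCATE');

-- Audit: true here means uuu can create objects in the schema.
SELECT has_schema_privilege('uuu', 'zzz', 'CREATE') AS can_create_in_zzz;
```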

