Re: Limiting user from changing its own attributes

On Fri, Apr 10, 2015 at 9:01 AM, Sameer Kumar <sameer.kumar@ashnik.com> wrote:

Hi,

In PostgreSQL a user can alter itself to change its user level parameters. e.g. I can alter the user to change work_mem - 

psql -U user1 -d postgres

postgres=# alter user user user1 set work_mem to '1024000';

​Is this a typo? - the above has a syntax error...​

ALTER ROLE

postgres=#

Is there a way I restrict this behavior? or atleast put a restriction on the certain parameters e.g. work_mem to be not set to too high?

​Not that I'm aware of - and the ability to change parameters is not limited to ALTER ROLE.

Setting "work_mem" too low can be just as problematic as setting it too high.  This one could probably be solved readily enough but you sound like you are looking for some blanket capability to either add targeted security about GUCs or setup a way to alter generically the "upper_bound, lower_bound" ​properties of numeric variables. 

Upper is somewhat easier but currently the system would only recognize a global constraint.

​David J.​