Re: New Role drop with Grant/Revokes stop working after subsequent runs

Поиск
Список
Период
Сортировка
От David G. Johnston
Тема Re: New Role drop with Grant/Revokes stop working after subsequent runs
Дата
Msg-id CAKFQuwbkc5NW3UW4EVoifHjYTwEvrAEfNAEkREQU2fz82feGxg@mail.gmail.com
обсуждение исходный текст
Ответ на New Role drop with Grant/Revokes stop working after subsequent runs  (AC Gomez <antklc@gmail.com>)
Ответы Re: New Role drop with Grant/Revokes stop working after subsequentruns
Список pgsql-general
Дерево обсуждения
On Wed, May 6, 2020 at 5:05 PM AC Gomez <antklc@gmail.com> wrote:
We have developed some code that creates a new role to be used as the main role for DB usage. This code will be called on a predetermined frequency to act a role/pwd rotation mechanism.

Each time the code is run we feed it the prior role that was created (the Db owner being the initial role fed in).

Frankly, I don't know why your algorithm is failing to work but I'd suggest you implement a better algorithm.

Ownership and permissions are granted to roles (groups) that are not allowed to login.
Login roles are made members of the group roles.

I suppose the main question is, why would a bunch of grant and revoke commands run and not do anything, not even throw an error?

Maybe its a bug? - I doubt this kind of manipulation is all that common or tested given the presence of what seems to be a superior alternative.

David J.

    В списке pgsql-general по дате отправления:

    Предыдущее
    От: AC Gomez
    Дата:
    Сообщение: New Role drop with Grant/Revokes stop working after subsequent runs
    Следующее
    От: Mohamed Wael Khobalatte
    Дата:
    Сообщение: pg_restore V12 fails consistently against piped pg_dumps