Обсуждение: Revoke delete on a table for super user
PostgreSQL 9.5
Is there a way to revoke the ability to perform delete on a table for a user that is a super user?
I know technically you could add the access back but is it possible?
Thanks,
Lance
"Campbell, Lance" <lance@illinois.edu> writes:
> Is there a way to revoke the ability to perform delete on a table for a user that is a super user?
No. Superusers bypass all access controls, by definition. Your best bet
is to not do more than you absolutely must as a superuser.
regards, tom lane
Dne 2.8.2016 v 19:27 Tom Lane napsal(a): > "Campbell, Lance" <lance@illinois.edu> writes: >> Is there a way to revoke the ability to perform delete on a table for a user that is a super user? > > No. Superusers bypass all access controls, by definition. Your best bet > is to not do more than you absolutely must as a superuser. > > regards, tom lane > > I guess you could achieve this using a trigger. Regards, Ondřej
I think your best bet is to create a role and assign the permissions that you want to that role/user. I would not changethe anything on the superuser. Regards, Bryan -----Original Message----- From: pgsql-admin-owner@postgresql.org [mailto:pgsql-admin-owner@postgresql.org] On Behalf Of Ondrej Svetlík Sent: Tuesday, August 02, 2016 3:28 PM To: pgsql-admin@postgresql.org Subject: Re: [ADMIN] Revoke delete on a table for super user Dne 2.8.2016 v 19:27 Tom Lane napsal(a): > "Campbell, Lance" <lance@illinois.edu> writes: >> Is there a way to revoke the ability to perform delete on a table for a user that is a super user? > > No. Superusers bypass all access controls, by definition. Your best > bet is to not do more than you absolutely must as a superuser. > > regards, tom lane > > I guess you could achieve this using a trigger. Regards, Ondřej -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin