Обсуждение: Temporarily disable a role
Hello everyone.
I'm wondering if there is any way we could disable a role temporarily, and enable it later.
For example, there are two users u1 and u2. User u1 grants the privileges of its table t1 to role r1:
grant all on t1 to r1;
Then, role r1 is granted to user u2:
grant r1 to u2;
Now user u2 should have access to table t1. Here is my question: can we disable role r1 so that user u2 will not have permissions on table t1? Note that role r1 is not removed, so we can enable it later.
I expected ALTER ROLE would have some options dealing with this, but could not find a proper way. Does anyone have ideas? Thanks in advance.
Best regards
On 06/11/2018 03:24 AM, Yinjie Lin wrote:
Why not revoke r1 from u2?
Hello everyone.I'm wondering if there is any way we could disable a role temporarily, and enable it later.For example, there are two users u1 and u2. User u1 grants the privileges of its table t1 to role r1:grant all on t1 to r1;Then, role r1 is granted to user u2:grant r1 to u2;Now user u2 should have access to table t1. Here is my question: can we disable role r1 so that user u2 will not have permissions on table t1? Note that role r1 is not removed, so we can enable it later.I expected ALTER ROLE would have some options dealing with this, but could not find a proper way. Does anyone have ideas? Thanks in advance.
Why not revoke r1 from u2?
--
Angular momentum makes the world go 'round.
Angular momentum makes the world go 'round.
Sorry I didn't describe my question clearly. Say that role r1 is granted to many users, and I want to disable role r1 so that privileges granted to these users are disabled at the same time. I don't want to call REVOKE for each user, and it can prevent situations when I forget to call REVOKE for some users.
Ron <ronljohnsonjr@gmail.com> 于2018年6月11日周一 下午4:43写道:
On 06/11/2018 03:24 AM, Yinjie Lin wrote:Hello everyone.I'm wondering if there is any way we could disable a role temporarily, and enable it later.For example, there are two users u1 and u2. User u1 grants the privileges of its table t1 to role r1:grant all on t1 to r1;Then, role r1 is granted to user u2:grant r1 to u2;Now user u2 should have access to table t1. Here is my question: can we disable role r1 so that user u2 will not have permissions on table t1? Note that role r1 is not removed, so we can enable it later.I expected ALTER ROLE would have some options dealing with this, but could not find a proper way. Does anyone have ideas? Thanks in advance.
Why not revoke r1 from u2?--
Angular momentum makes the world go 'round.
Le lun. 11 juin, vers 16:24, Yinjie Lin exprimait : > Hello everyone. Hey ! > I'm wondering if there is any way we could disable a role temporarily, and > enable it later. Maybe you should create a group, add your grants to this group and create users into this group. Then, when you want to "disable", you just have to remove this from the group: https://www.postgresql.org/docs/10/static/sql-creategroup.html Regards, -- Stéphane KANSCHINE - https://www.hexack.fr./ - https://www.nuajik.io./ @ stephane@hexack.fr +33 6 64 31 72 52