On Wed, 2023-10-25 at 20:30 +0530, Gambhir Singh wrote:
> Please help me to understand if we grant pg_write_all data role to some user then does
> that user get ability to do DML operations on system catalogs and system views.
>
> if yes then how we can restrict them.
Trying it out would have been less effort than writing this e-mail:
You are now connected to database "x" as user "postgres".
x=# GRANT pg_write_all_data TO laurenz;
GRANT ROLE
x=# SET SESSION AUTHORIZATION laurenz;
SET
x=> DELETE FROM pg_class;
ERROR: permission denied for table pg_class
Yours,
Laurenz Albe