Re: system variable can be edited by all user?
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: chris navarroza <canavarroza.work@gmail.com>, pgsql-general@postgresql.org
Date: 2022-11-22T08:43:04Z
Lists: pgsql-general
On Tue, 2022-11-22 at 14:25 +0800, chris navarroza wrote: > Ive created a read only user (SELECT PRIVILEGE) but it turns out that this user > can do this queries: SHOW work_mem; SET work_mem='40MB'; How do I limit him? We call these "configuration parameters", and there is no way you can prevent a database user from changing them for her session. The recommendation is not to give untrustworthy users access to directly run SQL statements on the database. Yours, Laurenz Albe