On 12/10/15 04:09 AM, Stephen Cook wrote:
On 10/12/2015 3:48 AM, Dave Page wrote:
Implementing security at the client level is *never* correct. In this
case, the users could just use the query tool if they actually wanted
to bypass the missing drop option, or go get another client and
connect with that.
I have superuser rights and sometimes mis-click.
I'm also concerned with the "Delete/Drop" right underneath "Disconnect
database" in the context menu. The confirmation popup has saved me many
times over the years.
If it were an option I would disable it. Just my 2 cents...
-- Stephen
While it is quite true that mis-clicks are a possibility (I'm sure we
have all seen the situation where an overloaded system can't quite keep
up with screen coordinates and what we think we are clicking is not what
gets activated) I agree with Dave that the backend protection comes
first. It might make sense to activate/deactivate buttons in a client
based on detected backend permissions, but this leaves the client user
to use whatever role has the permissions required to achieve the
intended tasks.
--
Sent via pgadmin-support mailing list (pgadmin-support@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-support
