default_transaction_read_only is just a default. Users can still disable it for themselves and it is not intended to act as a security measure. In the second example, user uuu could still create and modify data for which s/he has the privileges granted to do so by first issuing a "set transaction read write".
On Fri, May 3, 2013 at 10:03 AM, matthias ritzkowski < matth...@marlinmobile.com> wrote: > Hello, > > Usually I would > > create user uuu password 'ppp'; > GRANT usage on schema zzz to uuu; > GRANT select on all tables in schema zzz to uuu; > > > But just this morning someone used > create user uuu password 'ppp'; > alter user uuu set default_transaction_read_only = on; > GRANT select on all tables in schema zzz to uuu; > > So I only added the grant usage and it worked fine. > What do people use day to day? > > I had frankly never explored the default_transaction_read_only > parameter ... > > > -- > > regards > Matthias Ritzkowski > -marlinmobile- > > > -- > Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-admin >
