Sean Chittenden <[EMAIL PROTECTED]> writes: >> I'm not objecting to the idea of being able to make users read-only. >> I'm objecting to using GUC for it. Send in a patch that, say, adds >> a bool column to pg_shadow, and I'll be happy.
> How is that any different than ALTER USER [username] SET > jail_read_only_transactions TO true? It sets something in > pg_shadow.useconfig column, which is permanent. But it has to go through a mechanism that is designed and built to allow that value to be overridden from other places. I think using GUC for this is just asking for trouble. Even if there is no security hole today, it's very easy to imagine future changes in GUC that would unintentionally create one. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly