Open ns-berumalu opened 10 months ago
Hi Team, any update on this issue?
Sorry, too late. Maybe some auth logic is mismatching, so we'll find out why readonly isn't applied.
And I have a question: is there some reason why you use 2.12 instead of 2.13?
Hi @yjy44, we have not yet migrated to 2.13. Could you please prioritise this ticket?
Thanks for the report. Currently, we are resolving this issue.
Hi @seo-kw, when can we expect a solution for this bug?
Hi @seo-kw, when can we expect a solution for this bug?
Ohh.. Currently, I'm doing it personally, so I'm not sure about the date.
Also, the only thing I can do currently is just a PR, because I don't have any permission to push or something.
Maybe it needs to be merged by those who have permission.
Sorry about the bad news...!
Hi @seo-kw, any update on this? Did you test this scenario?
Hi @seo-kw, any update on this issue?
Hi @seo-kw, did you get a chance to look at this?
Hi @seo-kw, any update on this?
Hi @seo-kw, any update on this?
Hi Team, we have a readonly user "xy_read_only" that has been granted the readonly role, which has all select permissions on objects. But this user is still able to delete records. Could you please check if there are any mistakes in the grants?
agensgraph version : agens (AgensGraph) 2.12
Below are the privileges given.
CREATE ROLE readonly;
ALTER ROLE readonly LOGIN;
GRANT readonly TO "xy_read_only";
GRANT USAGE ON SCHEMA xyz TO readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA xyz TO readonly;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA xyz TO readonly;
Assign permissions to read all new tables created in the future
ALTER DEFAULT PRIVILEGES IN SCHEMA xyz GRANT SELECT ON SEQUENCES TO group readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA xyz GRANT SELECT ON TABLES TO group readonly;
ALTER DEFAULT PRIVILEGES for user abc GRANT SELECT ON TABLES TO group readonly;
Connected to the db with xy_read_only user
prod=> set graph_path=xyz;
SET
prod=> MATCH (n{'property':'132'}) WHERE NOT EXISTS ((n)-[*1]-()) return n limit 1;
n
application[222]{"property": "132", "ID": "xx"}
(1 row)
prod=> MATCH (n{'property':'132'}) WHERE NOT EXISTS ((n)-[1]-()) delete n;
UPDATE 15
prod=> MATCH (n{'property':'132'}) WHERE NOT EXISTS ((n)-[1]-()) return n limit 1;
n
(0 rows)
As you can see, a read-only user is able to delete. Could you please check ASAP, as it's a prod environment.
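A way to check whether the grants above are at fault, added here as an example and not part of the original report or the AgensGraph project: these catalog queries list the effective privileges of `xy_read_only` on every table in schema `xyz`. They assume the graph's labels are stored as ordinary tables in the schema named after the graph, and that they are run as a superuser so all grants are visible.

```sql
-- Added diagnostic example. Role and schema names come from the report;
-- the label-tables-in-schema layout is an assumption.

-- 1. Effective table privileges of the login user. has_table_privilege()
--    accounts for direct grants, inherited role membership and PUBLIC.
SELECT c.relname,
       pg_get_userbyid(c.relowner)                          AS owner,
       has_table_privilege('xy_read_only', c.oid, 'SELECT') AS can_select,
       has_table_privilege('xy_read_only', c.oid, 'INSERT') AS can_insert,
       has_table_privilege('xy_read_only', c.oid, 'UPDATE') AS can_update,
       has_table_privilege('xy_read_only', c.oid, 'DELETE') AS can_delete
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'xyz'
  AND c.relkind IN ('r', 'p')
ORDER BY c.relname;

-- 2. Explicit non-SELECT grants to the two roles or to PUBLIC.
SELECT grantee, table_name, privilege_type
FROM information_schema.table_privileges
WHERE table_schema = 'xyz'
  AND grantee IN ('xy_read_only', 'readonly', 'PUBLIC')
  AND privilege_type <> 'SELECT'
ORDER BY table_name, grantee;

-- 3. Role attributes and memberships: a superuser role, or membership in a
--    role that owns the tables, bypasses or widens the intended restriction.
SELECT r.rolname,
       r.rolsuper,
       r.rolinherit,
       ARRAY(SELECT g.rolname
             FROM pg_auth_members m
             JOIN pg_roles g ON g.oid = m.roleid
             WHERE m.member = r.oid) AS member_of
FROM pg_roles r
WHERE r.rolname IN ('xy_read_only', 'readonly');
```

If `can_delete` is false for every table, query 2 returns no rows, and the role is neither a superuser nor a member of an owning role, the grants are not what allows the Cypher `delete` shown above.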