Compare commits

...

7 Commits

Author SHA1 Message Date
cede091499
readme index 2022-05-12 10:42:58 +02:00
0b7982acdd
readme index 2022-05-12 10:42:29 +02:00
731b1af845
readme index 2022-05-12 10:41:40 +02:00
78413a5eab
readme index 2022-05-12 10:39:15 +02:00
748a179781
readme index 2022-05-12 10:37:40 +02:00
d51a0e1650
readme index 2022-05-12 10:36:16 +02:00
beeaf571aa
readme improvements 2022-05-12 10:31:10 +02:00

View File

@ -1,5 +1,15 @@
# PostgreSQL expiration date management functions # PostgreSQL expiration date management functions
## Table of Contents
1. [TOC](README.md#postgresql-expiration-date-management-functions)
1. [Description](README.md#description)
2. [Instructions](README.md#instructions)
3. [Helper script](README.md#helper-script)
4. [RDS considerations](README.md#rds-considerations)
5. [Security considerations](README.md#security-considerations)
## Description ## Description
This project tries to find a way to allow users the management of the `VALID UNTIL` expiration clause by themself. This project tries to find a way to allow users the management of the `VALID UNTIL` expiration clause by themself.
@ -78,8 +88,15 @@ There's a `passchanger_rds.sql` file which should be used instead of the normal
For updates you should change the owner of the `change_valid_until` to the database _owner_: For updates you should change the owner of the `change_valid_until` to the database _owner_:
``` ```
ALTER FUNCTION dba.change_my_password(text) OWNER TO _DATABASEOWNER; ALTER FUNCTION dba.change_valid_until(text) OWNER TO _DATABASEOWNER;
``` ```
Modify `_DATABASEOWNER` according your admin username... Modify `_DATABASEOWNER` according your admin username...
## Security considerations
* Non-RDS `change_valid_until` function does not uses `ALTER USER` to modify `VALID UNTIL`, it makes an `update pg_catalog.pg_authid set rolvaliduntil` instead, so the `dba` user has only grant over that table/column instead of granting additional permissions to him.
* RDS `change_valid_until` should run as the database owner, is the only way to make this work as you can't access `pg_catalog.pg_authid` on rds, it uses `ALTER USER ... VALID UNTIL` instead.