knadh/listmonk
1
1
Fork 0
mirror of https://github.com/knadh/listmonk.git synced 2025-10-06 05:16:48 +08:00
Code Issues Projects Releases Packages Wiki Activity

Expand the warning on subscribers:sql_query permission on arbitrary SQL functions.

Browse source
This commit is contained in:
Kailash Nadh 2025-09-09 22:59:45 +05:30
parent 6d99316528
commit e27a3904c6
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/docs/content/roles-and-permissions.md
View file

@ -12,7 +12,7 @@ A user role is a collection of user related permissions. User roles are attached
| | subscribers:get_all | Get all subscribers and their details |
| | subscribers:manage | Add, update, and delete subscribers |
| | subscribers:import | Import subscribers from external files |
| | subscribers:sql_query | Run SQL queries on subscriber data. **WARNING:** This permission will allow the querying of all lists and subscribers directly from the database with SQL expressions, superceding individual list and subscriber permissions above. |
| | subscribers:sql_query | Run raw SQL queries on subscriber data. **WARNING:** This permission allows execution of arbitrary SQL expressions and SQL functions. While it is a readonly feature designed to allow querying of all lists and subscribers directly from the database superceding individual list and subscriber permissions above, raw SQL expressions makes it possible to obtain Postgres database configuration such as version and paths. Give this permission only to trusted users. |
| | tx:send | Send transactional messages to subscribers |
| campaigns | campaigns:get | Get and view campaigns belonging to permitted lists |
| | campaigns:get_all | Get and view campaigns across all lists |