PostgreSQL 11 – Can I turn a schema into the wild west?

I have been given a task to set up a development database where all users able to access a given project schema (each project would have its own schema) would be able to do anything to any table, including to tables they do not own. The reason I have been asked to make the schemas a free-for-all is my supervisor does not want any time spent administering the database beyond me adding/deleting schemas. I am trying to set this up with a PostgreSQL 11 Amazon RDS.

For the test schema, in an attempt to simplify the SQL, I have created a group role and added the users working on the project (each has inherit permissions enabled) to the group. I am then granting permissions to the group at the database and schema level. My hope was that everyone in the group would be able to do anything the group can do, and do it to table(s) created by any other user in the group.

My initial attempt had limited success. I can add a table and the other users can view the table, append data to the table, edit individual cells, and delete rows. However, they are unable to delete the table I created. In addition, the users can only do that to tables I create. If another user creates a table, no one is able to even view the table, even though I set default privileges on the schema before anyone created any tables. I came across the reason for this while trying to make it work and am hoping there is a way around it.

To open things up as much as I can, I took the following actions:

  • Gave the group role full permission to the database with GRANT ALL ON DATABASE dbname TO grpname;

  • After I created the schema I ran: GRANT ALL ON SCHEMA testschema TO grpname;

    ALTER DEFAULT PRIVILEGES IN SCHEMA testschema GRANT ALL ON TABLES TO grpname;

    ALTER DEFAULT PRIVILEGES IN SCHEMA testschema GRANT ALL ON SEQUENCES TO grpname;

    ALTER DEFAULT PRIVILEGES IN SCHEMA testschema GRANT EXECUTE ON FUNCTIONS TO grpname;

To confirm the reason I found regarding why ALTER DEFAULT PRIVILEGES only gave those privileges to tables I created, I created a new schema with the group role as the owner and added tables as several users, including myself. Since the group role did not create the tables, its members did, no one could view any table other than their own, let alone modify another user’s table.

A final wrinkle involves where this development database is located. It is being added to a server group that includes our main production database so I cannot make all users a superuser. Not sure that would fix things, but thought I would mention it.

Have I missed/overlooked something that would allow a schema free-for-all?

Can’t turn off two-factor authentication using CLI

I got a new phone and didn’t save the recovery code. One day, when I tried to log in to the Heroku platform using my email and password, Heroku redirected to the https://verify.salesforce.com/v1/verify/ page and asked me to perform multi-factor authentication and enter verification code.

I can’t. So I find this documentation Recovering from lock-out

What I have tried:

  1. Contact the support account-lockout@heroku.com via email, ask them to disable my multi-factor authentication. I provided my login email and password to them. But they always reply to me like this:

Sorry, the email address you are using has not been recognized as a Heroku account.

Please log in and submit a ticket via help.heroku.com where we’ll be happy to help. If you are unable to log in, please send an email from your registered Heroku account.

If you do not have a Heroku account and need support, you can create an account in seconds.

We apologize for any inconvenience!

The Heroku Team https://heroku.com

  1. The documentation said:

If you have a valid CLI session on your computer, you can use the CLI to turn off two-factor authentication with the command heroku 2fa:disable. Here too, you will be asked for your password.

So I tried to disable multi-factor authentication using heroku CLI.

☁  heroku 2fa:disable (node:42222) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification. Disabling 2fa on novaline@aliyun.com... ? Password: ************ Disabling 2fa on novaline@aliyun.com... done 

Looks like it worked. But when I tried to log in to the Heroku platform again, it still redirected me to the multi-factor authentication page – https://verify.salesforce.com/v1/verify/

Am I the only one with this problem?

Do Abjure Enemy effects last only one turn?

I play the Oath of Vengeance paladin and have came across a problem.

There is the Channel Divinity: Abjure Enemy description, which states:

As an action, you present your holy symbol and speak a prayer of denunciation, using your Channel Divinity. Choose one creature within 60 feet of you that you can see. That creature must make a Wisdom saving throw, unless it is immune to being frightened. Fiends and undead have disadvantage on this saving throw.

On a failed save, the creature is frightened for 1 minute or until it takes any damage. While frightened, the creature’s speed is 0, and it can’t benefit from any bonus to its speed.

On a successful save, the creature’s speed is halved for 1 minute or until the creature takes any damage.

It sounds pretty good, but does anything forbid an abjured enemy from simply harming himself on his turn?

is it possible to use a net and shove in the same turn? [duplicate]

My PC has multiple attacks. I would like to know if it is possible to hit with a net (first attack) and then shove the opponent (second attack). Apparently using a net prevents to make a second attack; on the other hand, shove is not properly an attack. Thanks for the replies 🙂

Net:

When you use an action, Bonus Action, or Reaction to Attack with a net, you can make only one Attack regardless of the number of attacks you can normally make.

Shove:

Using the Attack action, you can make a Special melee Attack to shove a creature, either to knock it prone or push it away from you. If you’re able to make multiple attacks with the Attack action, this Attack replaces one of them.

Giving NPC Priests Turn Undead

Last night the party was adventuring in Curse of Strahd.
In the previous session they had acquired the module-specific magic item

and given it to an NPC accompanying them,

In last night’s session the NPC was able to attune to the item, unlocking among its other powers the ability

Bane of the Undead. You can use the icon as a holy symbol while using the Turn Undead or Turn the Unholy feature. If you do so, increase the save DC by 2.

As I understand it, this power can be used only by those who already can Turn Undead. And this particular NPC does not have the Turn the Undead feature. At first I thought this was because he appeared to be a named NPC Acolyte, a 1st level Spellcaster, while PC Clerics don’t get Channel Divinity (Turn the Undead) until second level. So I checked the Priest Stat Block, since another important NPC

uses the Priest Stat Block. I was surprised to find that, as written, the standard Priest NPC does not have the Turn the Undead feature either. Nor does the War Priest NPC in VGtM.

I am, in general, wary of giving NPCs PC abilities, as the game should be focused on the PCs as exceptional individuals. And I don’t think that every NPC Priest needs this ability. However, these particular priests follow the Morninglord (Lathander), a deity who is opposed to undead. And given the setting (Barovia), protecting their congregations from undead is a central part of their ministry. Thus I think it is reasonable to give this particular NPC Priest the ability, as usable by PC Clerics (one use per long or short rest). For the NPC Acolyte, I am considering granting him the ability to Turn Undead by expending a spell slot, as a sort of reverse case of the "Harness Divine Power" found in TCoE.

So, what am I missing? Is granting the ability to NPC Priests and Acolytes to Turn Undead in setting-specific instances unbalanced? Normally unbalanced would mean the new power would justify an increase in their CR but as these are not PC-antagonists here it might mean that the ability will somehow detract from the experience of the players or reduce the challenge to them significantly. Are there any complications I should be aware of? For example something specific to this module that would make this a bad idea. A good answer will provide official examples of other NPCs or monsters who do have this ability, either in standard Stat Blocks or module-specific adjusted ones, if there are any.

Can you use the Ranger Slayer’s Prey Twice a turn? [duplicate]

From Xanathars:

Slayer’s Prey Starting at 3rd level, you can focus your ire on one foe, increasing the harm you inflict on it. As a bonus action, you designate one creature you can see within 60 feet of you as the target of this feature. The first time each turn that you hit that target with a weapon attack, it takes an extra 1d6 damage from the weapon.

It says you that the first time each turn that you hit THAT target you deal 1d6, so, that being said, can you:

Turn 1: Mark a creature with Slayer Prey Turn 2: Hit the creature with Slayer Prey, gaining the 1d6 bonus damage, design another creature with Slayers Prey and gain the 1d6 bonus damage again?

My thoughts are: You are hiting the secord creature for the first time in this turn, so this should work, right?

Do the Illusionist’s Bracers with the War Caster feat let you take a bonus action on somebody else’s turn? [duplicate]

So basically this answer states:

[…] The War Caster feat says:

When a hostile creature’s movement provokes an opportunity attack from you, you can use your reaction to cast a spell at the creature, rather than making an opportunity attack. The spell must have a casting time of 1 action and must target only that creature.

The current text of Illusionist’s Bracers says:

While wearing the bracers, whenever you cast a cantrip, you can use a bonus action on the same turn to cast that cantrip a second time. […]

[…] So read Illusionist’s Bracers again, and it sure looks like this:

  1. On a creature’s turn, the creature provokes an opportunity attack from a war caster with Illusionist’s Bracers.
  2. The war caster casts a cantrip at the creature as a reaction.
  3. The Illusionist’s Bracers grants a bonus action to the war caster that can be used on that same turn.
  4. The war caster casts the cantrip again with that bonus action, not on the war caster’s turn. […]

Really my question is simply whether or not this is correct. If something would let you take a bonus action when it is not your turn, can you take that bonus action?

Can you use a Bonus Action on a turn other than your own?

The rules for Bonus Actions (PHB, pg.189) state;

You can take only one bonus action on your turn…

Which to me can be read in two ways.

  1. You can only take a bonus action if it is your turn.
  2. You can take only one bonus action on your turn but can take one or more on someone else’s turn.

As an example, if I were to ready an attack action could I also use a bonus action for Two-Weapon Fighting when the trigger is met?