Re: BUG #18350: Modifying predefined roles' unlimited connections for VA STIG cybersecurity checklist

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: martin(dot)nguyen(at)oracle(dot)com
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #18350: Modifying predefined roles' unlimited connections for VA STIG cybersecurity checklist
Date: 2024-02-16 21:35:51
Message-ID: 3525669.1708119351@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
> We have identified an issue where predefined roles are not modifiable,
> however a Dept. of VA security checklist requires that no roles have
> unlimited connections. The Predefined roles have unlimited connections, is
> there a way to modify these?

Solution 1: explain to your compliance department that it's pointless
to worry about the connection limit for a role that can't log in.

Solution 2: do a manual UPDATE on pg_authid. This would have to
be done over after any major-version upgrade, though.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Wetmore, Matthew (CTR) 2024-02-16 21:39:05 BUG #18350: Modifying predefined roles' unlimited connections for VA STIG cybersecurity checklist
Previous Message David G. Johnston 2024-02-16 21:32:11 Re: BUG #18350: Modifying predefined roles' unlimited connections for VA STIG cybersecurity checklist