Re: Why do i need to install set_user extension if i can directly grant all required privileges to user?

From: Holger Jakobs <holger(at)jakobs(dot)com>
To: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: Why do i need to install set_user extension if i can directly grant all required privileges to user?
Date: 2023-06-21 14:06:11
Message-ID: 44912597-d81a-aece-2222-5a2e116dc0e1@jakobs.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Am 21.06.23 um 15:33 schrieb Erik Wienhold:
>
> Changing roles is already possible in Postgres. You must be a member of the
> target role or be a superuser in order to change roles.

This is going to change in detail as of version 16 of PostgreSQL. You
may determine whether a role switch is allowed or not.

Excerpt from https://www.postgresql.org/docs/16/sql-grant.html:

"The |SET| option, if it is set to |TRUE|, allows the member to change
to the granted role using the |SET ROLE|
<https://www.postgresql.org/docs/16/sql-set-role.html> command. If a
role is an indirect member of another role, it can use |SET ROLE| to
change to that role only if there is a chain of grants each of which has
|SET TRUE|. This option defaults to |TRUE|."

--
Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Scott Ribe 2023-06-21 14:21:17 Re: Question about wal_compression and what to expect
Previous Message Sean O'Grady 2023-06-21 14:04:28 Re: Question about wal_compression and what to expect