From: | Eric Hanson <eric(at)aquameta(dot)com> |
---|---|
To: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | SET ROLE x NO RESET |
Date: | 2023-12-30 16:16:59 |
Message-ID: | CACA6kxgdzt-oForijaxfXHHhnZ1WBoVGMXVwFrJqUu-Hg3C-jA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi,
What do you think of adding a NO RESET option to the SET ROLE command?
Right now Postgres can enforce data security with roles and RLS, but
role-per-end-user doesn't really scale: Db connections are per-role, so a
connection pooler can't share connections across users. We can work around
this with policies that use session variables and checks against
current_user, but it seems like role-per end user would be more beautiful.
If SET ROLE had a NO RESET option, you could connect through a connection
pooler as a privileged user, but downgrade to the user's role for the
duration of the session.
Thanks,
Eric
From | Date | Subject | |
---|---|---|---|
Next Message | Joe Conway | 2023-12-30 17:50:08 | Re: SET ROLE x NO RESET |
Previous Message | Jacob Burroughs | 2023-12-30 15:05:27 | Re: Add new protocol message to change GUCs for usage with future protocol-only GUCs |