| From: | Eric Hanson <eric(at)aquameta(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SET ROLE x NO RESET |
| Date: | 2024-01-05 17:48:03 |
| Message-ID: | CACA6kxixHRnk0DgzHOduptOvhF7tk8YcLUFZTh3yFWGPRcDDVQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Dec 30, 2023 at 11:50 AM Joe Conway <mail(at)joeconway(dot)com> wrote:
> In the meantime, in case it helps, see
>
> https://github.com/pgaudit/set_user
>
> Specifically set_session_auth(text):
> -------------
> When set_session_auth(text) is called, the effective session and current
> user is switched to the rolename supplied, irrevocably. Unlike
> set_user() or set_user_u(), it does not affect logging nor allowed
> statements. If set_user.exit_on_error is "on" (the default), and any
> error occurs during execution, a FATAL error is thrown and the backend
> session exits.
>
This helps, but has the downside (of course) of being a compiled extension
which limits its use on hosted services and such unless they decide to
support it.
Would be really great if pooling could co-exist with per-user roles
somehow, I'm not the best to weigh in on how, but it's bottlenecking the
whole space of using roles per-user, and AFAICT this pattern would
otherwise be totally feasible and awesome, with all the progress that's
been made in this space.
Eric
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2024-01-05 17:49:29 | Re: pg_get_indexdef() modification to use TxnSnapshot |
| Previous Message | Nathan Bossart | 2024-01-05 17:46:20 | Re: verify predefined LWLocks have entries in wait_event_names.txt |