| From: | Steve Chavez <steve(at)supabase(dot)io> | 
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org | 
| Subject: | Allow placeholders in ALTER ROLE w/o superuser | 
| Date: | 2022-06-06 04:20:38 | 
| Message-ID: | CAGRrpzawQSbuEedicOLRjQRCmSh6nC3HeMNvnQdBVmPMg7AvQw@mail.gmail.com | 
| Views: | Whole Thread | Raw Message | Download mbox | Resend email | 
| Thread: | |
| Lists: | pgsql-hackers | 
Hello hackers,
Using placeholders for application variables allows the use of RLS for
application users as shown in this blog post
https://www.2ndquadrant.com/en/blog/application-users-vs-row-level-security/
.
  SET my.username = 'tomas'
   CREATE POLICY chat_policy ON chat
      USING (current_setting('my.username') IN (message_from, message_to))
      WITH CHECK (message_from = current_setting('my.username'))
This technique has enabled postgres sidecar services(PostgREST,
PostGraphQL, etc) to keep the application security at the database level,
which has worked great.
However, defining placeholders at the role level require superuser:
  alter role myrole set my.username to 'tomas';
  ERROR:  permission denied to set parameter "my.username"
Which is inconsistent and surprising behavior. I think it doesn't make
sense since you can already set them at the session or transaction
level(SET LOCAL my.username = 'tomas'). Enabling this would allow sidecar
services to store metadata scoped to its pertaining role.
I've attached a patch that removes this restriction. From my testing, this
doesn't affect permission checking when an extension defines its custom GUC
variables.
   DefineCustomStringVariable("my.custom", NULL, NULL,  &my_custom,  NULL,
      PGC_SUSET, ..);
Using PGC_SUSET or PGC_SIGHUP will fail accordingly. Also no tests fail
when doing "make installcheck".
---
Steve Chavez
Engineering at https://supabase.com/
| Attachment | Content-Type | Size | 
|---|---|---|
| 0001-Allow-placeholders-in-ALTER-ROLE-w-o-superuser.patch | text/x-patch | 2.1 KB | 
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2022-06-06 04:58:40 | Re: Rewriting the test of pg_upgrade as a TAP test - take three - remastered set | 
| Previous Message | Michael Paquier | 2022-06-06 04:17:52 | Re: [v15 beta] pg_upgrade failed if earlier executed with -c switch |