Re: Why do i need to install set_user extension if i can directly grant all required privileges to user?

Thank you for the quick response.

What if i can grant all the required privileges or even making the user a
superuser, why do i need set_user ?

Does set_user is just to make sure users with direct privileges wont
accidently modify critical information/parameters unless they set the
session to elevated privileged role to perform the operation?

I am not able to find a reason why i need set_user extension?

Please advise

Thanks

On Wed, Jun 21, 2023 at 10:06 AM Holger Jakobs <holger(at)jakobs(dot)com> wrote:

> Am 21.06.23 um 15:33 schrieb Erik Wienhold:
>
>
> Changing roles is already possible in Postgres. You must be a member of the
> target role or be a superuser in order to change roles.
>
> This is going to change in detail as of version 16 of PostgreSQL. You may
> determine whether a role switch is allowed or not.
>
> Excerpt from https://www.postgresql.org/docs/16/sql-grant.html:
>
> "The SET option, if it is set to TRUE, allows the member to change to the
> granted role using the SET ROLE
> <https://www.postgresql.org/docs/16/sql-set-role.html> command. If a role
> is an indirect member of another role, it can use SET ROLE to change to
> that role only if there is a chain of grants each of which has SET TRUE.
> This option defaults to TRUE."
>
>
>
> --
> Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
>
> --
Bhasker Bathini