From: | Bhasker Bathini <bbathini(at)gmail(dot)com> |
---|---|
To: | Holger Jakobs <holger(at)jakobs(dot)com> |
Cc: | pgsql-admin(at)lists(dot)postgresql(dot)org |
Subject: | Re: Why do i need to install set_user extension if i can directly grant all required privileges to user? |
Date: | 2023-06-21 14:38:34 |
Message-ID: | CAJ4vKBtLL4yU=PrEw_y+svC9bqADPhnqHW0Ma4ktZ2ehpeY_bQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Thank you for the quick response.
What if i can grant all the required privileges or even making the user a
superuser, why do i need set_user ?
Does set_user is just to make sure users with direct privileges wont
accidently modify critical information/parameters unless they set the
session to elevated privileged role to perform the operation?
I am not able to find a reason why i need set_user extension?
Please advise
Thanks
On Wed, Jun 21, 2023 at 10:06 AM Holger Jakobs <holger(at)jakobs(dot)com> wrote:
> Am 21.06.23 um 15:33 schrieb Erik Wienhold:
>
>
> Changing roles is already possible in Postgres. You must be a member of the
> target role or be a superuser in order to change roles.
>
> This is going to change in detail as of version 16 of PostgreSQL. You may
> determine whether a role switch is allowed or not.
>
> Excerpt from https://www.postgresql.org/docs/16/sql-grant.html:
>
> "The SET option, if it is set to TRUE, allows the member to change to the
> granted role using the SET ROLE
> <https://www.postgresql.org/docs/16/sql-set-role.html> command. If a role
> is an indirect member of another role, it can use SET ROLE to change to
> that role only if there is a chain of grants each of which has SET TRUE.
> This option defaults to TRUE."
>
>
>
> --
> Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
>
> --
Bhasker Bathini
From | Date | Subject | |
---|---|---|---|
Next Message | Jeff Janes | 2023-06-21 14:48:22 | Re: Question about wal_compression and what to expect |
Previous Message | Scott Ribe | 2023-06-21 14:21:17 | Re: Question about wal_compression and what to expect |