| From: | Bhasker Bathini <bbathini(at)gmail(dot)com> |
|---|---|
| To: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
| Cc: | Bhasker Bathini <onelargepeg(at)gmail(dot)com>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Why do i need to install set_user extension if i can directly grant all required privileges to user? |
| Date: | 2023-06-21 15:57:15 |
| Message-ID: | CAJ4vKBvpTnbuvcu1vPk3Qd3bmqSVqcYn_mfKF9i9VC0HMBKt0g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Jeff, set_user needs to be installed as per CIS benchmark standards, I see
this as more vulnerable giving to individual users.
When you know a user or application account need set of permission, you can
directly grant all the necessary privileges, why do you need to switch
account in performing any operation, I am trying to find if there is any
operation in particular that can only be done by postgres, or any super
user account to inherit its roles?
On Wed, Jun 21, 2023 at 10:55 AM Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:
> On Wed, Jun 21, 2023 at 7:50 AM Bhasker Bathini <onelargepeg(at)gmail(dot)com>
> wrote:
>
>> Hi , i was wondering, why do i need to install set_user extension when i
>> can grant all the privileges to user directly?
>>
>>
> Surely you don't need to install set_user in general. Indeed, I've never
> even heard of it before.
>
> Maybe you need it for some specific use, but you didn't describe anything
> about what you are doing.
>
> Cheers,
>
> Jeff
>
>>
--
Bhasker Bathini
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Wells Oliver | 2023-06-21 16:06:05 | AWS RDS "sessions" and pg_stat_activity |
| Previous Message | Joe Conway | 2023-06-21 15:13:17 | Re: Why do i need to install set_user extension if i can directly grant all required privileges to user? |