| From: | Andrei Zhidenkov <andrei(dot)zhidenkov(at)n26(dot)com> |
|---|---|
| To: | Michael Lewis <mlewis(at)entrata(dot)com>, tgl(at)sss(dot)pgh(dot)pa(dot)us |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Web users as database users? |
| Date: | 2020-03-11 15:00:57 |
| Message-ID: | D8BCF6CD-3C3B-4F66-A26F-17483A80C76C@n26.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
I used to use a different approach:
1. Create auth() pl/python procedure as follows:
create or replace
function auth(auser_id integer) returns void as $$
GD['user_id'] = auser_id
$$ language plpythonu;
This procedure is supposed to be called after a sucesseful authorisation (in a database or on application side).
2. Create get_current_user() procedure:
create or replace
function get_current_user() returns integer as $$
return GD.get('user_id')
$$ language plpythonu stable security definer;
Now you can get current user id from every SQL query or stored procedure. It works fast because Python shared array GD is always present in memory.
> On 11. Mar 2020, at 15:46, Michael Lewis <mlewis(at)entrata(dot)com> wrote:
>
> On Fri, Sep 20, 2019 at 8:19 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us <mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us>> wrote:
> There is a restriction on how many distinct GRANTs you can
> issue against any one object --- performance will get bad if the ACL
> list gets too large.
>
>
> Any ballpark numbers here? Are we talking 50 or 8000?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Torsten Krah | 2020-03-11 15:13:27 | Re: Force WAL cleanup on running instance |
| Previous Message | Michael Lewis | 2020-03-11 14:46:08 | Re: Web users as database users? |