| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com>, PG-General Mailing List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Limiting DB access by role after initial connection? |
| Date: | 2017-06-09 13:42:34 |
| Message-ID: | d807c13e-78d3-9631-896c-3fe8a70bd7ed@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 06/08/2017 10:37 PM, Ken Tanzer wrote:
> My approach was to have the initial connection made by the owner, and
> then after successfully authenticating the user, to switch to the role
> of the site they belong to. After investigation, this still seems
> feasible but imperfect. Specifically, I thought it would be possible to
> configure such that after changing to a more restricted role, it would
> not be possible to change back. But after seeing this thread
> (http://www.postgresql-archive.org/Irreversible-SET-ROLE-td5828828.html), I'm
> gathering that this is not the case.
See set_user for a possible solution: https://github.com/pgaudit/
HTH,
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2017-06-09 14:07:24 | Re: pg_upgrade --link on Windows |
| Previous Message | Achilleas Mantzios | 2017-06-09 12:13:25 | Re: ERROR: unexpected chunk number 0 (expected 1) for toast value 76753264 in pg_toast_10920100 |