Re: Why do i need to install set_user extension if i can directly grant all required privileges to user?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


> On 20/06/2023 13:33 CEST Bhasker Bathini <onelargepeg@xxxxxxxxx> wrote:
> Hi , i was wondering, why do i need to install set_user extension when i can
> grant all the privileges to user directly?

Are you talking about ?

I never used this extension but after skimming over the readme it looks like
a replacement for SET ROLE and SET SESSION AUTHORIZATION with logging for audit

> Is there any advantage or any scenario where i can only perform having
> set_user grants?

Changing roles is already possible in Postgres.  You must be a member of the
target role or be a superuser in order to change roles.  I don't know if the
set_user extension behaves identical to SET ROLE etc. because it also supports
whitelisting of target roles and superusers.

The extension may be relevant to you if the whitelist feature or auditing is
a requirement for your project.  But I'm not sure if the whitelist feature
bypasses the membership requirement imposed by SET ROLE or if you still have
to grant memberships to target roles.


[Index of Archives]     [Postgresql Home]     [Postgresql General]     [Postgresql Performance]     [Postgresql PHP]     [Postgresql Jobs]     [PHP Users]     [PHP Databases]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Forum]

  Powered by Linux