Am 21.06.23 um 15:33 schrieb Erik Wienhold:
Changing roles is already possible in Postgres. You must be a member of the target role or be a superuser in order to change roles.
This is going to change in detail as of version 16 of PostgreSQL. You may determine whether a role switch is allowed or not.
Excerpt from https://www.postgresql.org/docs/16/sql-grant.html:
SEToption, if it is set to
TRUE, allows the member to change to the granted role using the
SET ROLEcommand. If a role is an indirect member of another role, it can use
SET ROLEto change to that role only if there is a chain of grants each of which has
SET TRUE. This option defaults to
-- Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
Thank you for the quick response.
What if i can grant all the required privileges or even making the user a superuser, why do i need set_user ?
Does set_user is just to make sure users with direct privileges wont accidently modify critical information/parameters unless they set the session to elevated privileged role to perform the operation?
I am not able to find a reason why i need set_user extension?
On Wed, Jun 21, 2023 at 10:06 AM Holger Jakobs <holger@xxxxxxxxxx> wrote: