Re: Why do i need to install set_user extension if i can directly grant all required privileges to user?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Thank you for the quick response.

What if i can grant all the required privileges or even making the user a superuser, why do i need set_user ?

Does set_user is just to make sure users with direct privileges wont accidently modify critical information/parameters unless they set the session to elevated privileged role to perform the operation?

I am not able to find a reason why i need set_user extension?

Please advise


On Wed, Jun 21, 2023 at 10:06 AM Holger Jakobs <holger@xxxxxxxxxx> wrote:
Am 21.06.23 um 15:33 schrieb Erik Wienhold:

Changing roles is already possible in Postgres.  You must be a member of the
target role or be a superuser in order to change roles. 

This is going to change in detail as of version 16 of PostgreSQL. You may determine whether a role switch is allowed or not.

Excerpt from

"The SET option, if it is set to TRUE, allows the member to change to the granted role using the SET ROLE command. If a role is an indirect member of another role, it can use SET ROLE to change to that role only if there is a chain of grants each of which has SET TRUE. This option defaults to TRUE."

Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
Bhasker Bathini

[Index of Archives]     [Postgresql Home]     [Postgresql General]     [Postgresql Performance]     [Postgresql PHP]     [Postgresql Jobs]     [PHP Users]     [PHP Databases]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Forum]

  Powered by Linux