Re: Why do i need to install set_user extension if i can directly grant all required privileges to user?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thank you for the quick response.

What if i can grant all the required privileges or even making the user a superuser, why do i need set_user ?

Does set_user is just to make sure users with direct privileges wont accidently modify critical information/parameters unless they set the session to elevated privileged role to perform the operation?

I am not able to find a reason why i need set_user extension?

Please advise

Thanks

On Wed, Jun 21, 2023 at 10:06 AM Holger Jakobs <holger@xxxxxxxxxx> wrote:
Am 21.06.23 um 15:33 schrieb Erik Wienhold:

Changing roles is already possible in Postgres.  You must be a member of the
target role or be a superuser in order to change roles.

This is going to change in detail as of version 16 of PostgreSQL. You may determine whether a role switch is allowed or not.

Excerpt from https://www.postgresql.org/docs/16/sql-grant.html:

"The SET option, if it is set to TRUE, allows the member to change to the granted role using the SET ROLE command. If a role is an indirect member of another role, it can use SET ROLE to change to that role only if there is a chain of grants each of which has SET TRUE. This option defaults to TRUE."



-- 
Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
--
Bhasker Bathini
[Index of Archives]     [Postgresql Home]     [Postgresql General]     [Postgresql Performance]     [Postgresql PHP]     [Postgresql Jobs]     [PHP Users]     [PHP Databases]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Forum]

  Powered by Linux