Re: Why do i need to install set_user extension if i can directly grant all required privileges to user?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 6/21/23 10:38, Bhasker Bathini wrote:
Thank you for the quick response.

What if i can grant all the required privileges or even making the user a superuser, why do i need set_user ?

Does set_user is just to make sure users with direct privileges wont accidently modify critical information/parameters unless they set the session to elevated privileged role to perform the operation?

I am not able to find a reason why i need set_user extension?

There are two main use cases for set_user:

1/ Allow an unprivileged admin role to escalate to superuser, but (to the extent possible) ensure every command issued is logged for audit purposes. It can also block things like COPY PROGRAM and ALTER SYSTEM that might allow them to do things you do not wish to allow. Once escalated, there are ways they could bypass the controls, but the act of bypassing itself would get logged, so if you monitor and alert you would catch it.

2/ Allow a single unprivileged role to be used to switch to other unprivileged roles, without having to grant all of them, and with the ability to set a random token so that switching back (and thus to indirectly other roles) requires the token. Think in terms of a web app that uses a single role to log in but then switches to a actual users role. Or a proxy or load balancer of sorts.

Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services:

[Index of Archives]     [Postgresql Home]     [Postgresql General]     [Postgresql Performance]     [Postgresql PHP]     [Postgresql Jobs]     [PHP Users]     [PHP Databases]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Forum]

  Powered by Linux