2017-12-07 17:01 GMT+01:00 Tom Lane <tgl@xxxxxxxxxxxxx>:
=?UTF-8?Q?Ulf_Lohbr=C3=BCgge?= <ulf.lohbruegge@xxxxxxxxx> writes:
> I could reproduce part of the things I described earlier in this thread. A
> guy named Andriy Senyshyn mailed me after reading this thread here (he
> could somehow not join the mailing list) and observed a difference when
> issuing "SET ROLE" as user postgres and as a non-superuser.
This isn't particularly surprising in itself. When we know that the
session user is a superuser, SET ROLE just succeeds immediately.
Otherwise we have to determine whether the SET is allowed, ie, is
the session user a member of the specified role.
It looks like the first time such a question is asked within a session,
we build and cache a list of all the roles the session user is a member
of (directly or indirectly). That's what's taking the time here ---
apparently in your test case, the "admin" role is a member of a whole lot
of roles?
Yes, the user "admin" is member of more than 1k roles.
So this cache will not invalidate during the lifetime of the session unless a new role is added, I guess?
Is there any locking involved when this cache gets invalidated? Could this be a source for my earlier observed slow executions?
Regards,
Ulf
