On 11/13/24 12:29, Alvaro Herrera wrote:
On 2024-Nov-13, Vijaykumar Jain wrote:
I tried to grant select permissions to 5000 different roles on one table,
It failed with row size too big already at 2443.
But you can grant select to one "reader" role, and grant that one role
to however many other roles you want. This way you can have an
arbitrary number of roles with indirect access to the table. In
real-world usage, this is more convenient that granting access to
individual roles on individual tables; likely, you'll grant access to
sets of tables/views/functions/etc rather than exactly one, and you can
manage that more easily if you have one intermediate role to modify than
if you have to mess with 5000 individual roles.
Exactly! In the later versions, security gets more and more refined and
strengthened. So ppl should think about moving away from "public" , and
start implementing finer grained schemes of security, as you suggest. +
\dp shows prettier than having 1000+ users listed.