Skip site navigation (1) Skip section navigation (2)

Re: Proposal to sync SET ROLE and pg_stat_activity

From: Bernd Helmle <mailings(at)oopsware(dot)de>
To: Grant Finnemore <grant(at)guruhut(dot)com>, Euler Taveira de Oliveira <euler(at)timbira(dot)com>
Cc: PostgreSQL Developers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Proposal to sync SET ROLE and pg_stat_activity
Date: 2008-08-28 08:04:06
Message-ID: D366E0AF519EB334417C8695@imhotep.credativ.de (view raw or flat)
Thread:
Lists: pgsql-hackers
--On Mittwoch, August 27, 2008 09:35:03 +0200 Grant Finnemore 
<grant(at)guruhut(dot)com> wrote:

> I have a session pool, where all connections to the database are
> obtained as a superuser. On issuing connections to the client, we
> invoke either SET ROLE or SET SESSION AUTHORIZATION and switch to
> a role with less permissions. This means that we don't have to
> reserve a connection per user, and we can still use the database
> access restrictions.


But you have to ensure that your session pool is smaller than 
max_connections, since this will eat up superuser_reserved_connections and 
would make administrator intervention  impossible under certain 
circumstances.

And why do you need to hack pg_stat_activity, isn't it possible to plug 
your own view in?

-- 
  Thanks

                    Bernd

Responses

pgsql-hackers by date

Next:From: Grant FinnemoreDate: 2008-08-28 08:36:37
Subject: Re: Proposal to sync SET ROLE and pg_stat_activity
Previous:From: Tom LaneDate: 2008-08-28 05:01:52
Subject: Re: TODO <-> Commitfest

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group