| From: | pg254kl(at)georgiou(dot)vip |
|---|---|
| To: | Calvin Guo <newoakllc2023(at)gmail(dot)com>,"pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: set role command |
| Date: | 2025-11-24 22:30:14 |
| Message-ID: | 176402341688.7.8547269556353940402.1025478372@georgiou.vip |
| Lists: | pgsql-general |
Just because you did set role does not mean you lost your superuser
privileges; it's correct behavior.

If you want to impersonate in a permissions sandbox it's easy:

create role usera_sandbox login in group usera;
\c - usera_sandbox

--
regards,
Kiriakos Georgiou

On 11/24/25 3:15 AM, Calvin Guo - newoakllc2023 at gmail.com wrote:
> I feel that set role logic is kind of misleading.
>
> I am a superuser, admin,
> I do:
> set role usera
> Now I am under the security context of usera, so I think running any
> sql is safe as long as it's allowed by usera.
>
> Which is not the case!
> as usera can do:
> set role userb; other sql,
> or
> reset role; other sql,
> It turns out it's not safe at all; the sql can easily get access right
> of the super user. It can impersonate userb though they do not have any
> relationship whatsoever.
>
> I really feel, once you "set role usera", you should behave like
> usera, you should NOT have the power say: hi, I can assume my super
> user power whenever I want. As this makes the "set role usera" pretty
> much useless.
>
> It's unsafe!
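
The two behaviours discussed in this thread, side by side, as an added example that is not part of either message: SET ROLE from a superuser session versus reconnecting as a sandbox role. The role names are the thread's; creating usera and userb here, and a pg_hba.conf that lets usera_sandbox authenticate, are assumptions.

```sql
-- Run in psql, connected as a superuser, on a test cluster.
-- usera/userb are created here only so the script is self-contained (assumption).
CREATE ROLE usera NOLOGIN;
CREATE ROLE userb NOLOGIN;

-- Part 1: SET ROLE from a superuser session.
-- Only current_user changes. session_user is still the superuser, and
-- SET ROLE / RESET ROLE are authorised against session_user.
SET ROLE usera;
SELECT session_user, current_user;
SET ROLE userb;      -- allowed: the session user is a superuser
RESET ROLE;          -- allowed: returns to the superuser
SELECT session_user, current_user;

-- Part 2: the sandbox role from the reply.
-- LOGIN is required for \c to work; CREATE ROLE defaults to NOLOGIN.
-- IN ROLE is the current spelling of IN GROUP.
CREATE ROLE usera_sandbox LOGIN IN ROLE usera;

-- Reconnect so that usera_sandbox is the *session* user.
-- Assumes pg_hba.conf permits this role to authenticate.
\c - usera_sandbox
SELECT session_user, current_user;

-- Continue past errors so every refused statement is shown.
\set ON_ERROR_STOP off

SET ROLE usera;      -- allowed: usera_sandbox is a member of usera
SET ROLE userb;      -- refused: the session user has no membership in userb
RESET ROLE;          -- returns to usera_sandbox, not to a superuser
SELECT session_user, current_user;

-- Confirm the session identity carries no superuser attribute.
SELECT rolname, rolsuper, rolcanlogin
FROM pg_roles
WHERE rolname = session_user;

-- Confirm which roles the session identity can reach via SET ROLE.
SELECT r.rolname AS reachable_role
FROM pg_roles r
WHERE pg_has_role(session_user, r.oid, 'SET')
ORDER BY r.rolname;
```

The last query uses the `SET` privilege type of `pg_has_role`, which exists in PostgreSQL 16 and later; on older versions use `'MEMBER'` instead.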