Re: Proposal: SET ROLE hook

From: Andres Freund <andres(at)anarazel(dot)de>
To: Joe Conway <mail(at)joeconway(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>
Subject: Re: Proposal: SET ROLE hook
Date: 2015-10-16 17:51:44
Message-ID: 20151016175143.GN6851@awork2.anarazel.de
Lists: pgsql-hackers

On 2015-10-16 10:30:20 -0700, Joe Conway wrote:
> On 10/16/2015 09:28 AM, Andres Freund wrote:
> > Alternatively you can just have an elevate_user() function that does the
> > logging and escalating? That seems like the same amount of code and it'd
> > work with released versions of postgres?
> >
> > Sure, that has some disadvantages over your approach, but for the
> > presented use case with humans needing to escalate I don't see any.
>
> Hmmm, do you mean essentially skip the "GRANT postgres to joe" and use a
> SECURITY DEFINER C function that does the set role to postgres under the
> covers with "GRANT EXECUTE on FUNCTION elevate_user() to joe"?

Yes.

> Being able to use something like that on existing versions would be
> very nice, but it feels kind of grotty.

Hm. To me it doesn't feel too bad - security definer functions are there
to allow doing things that users would normally not be allowed to do...

Greetings,

Andres Freund
