| From: | Dmitry Igrishin <dmitigr(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | SET SESSION AUTHORIZATION superuser limitation. |
| Date: | 2015-12-20 18:39:20 |
| Message-ID: | CAAfz9KO_HBqXZbH90Q5=v+nEsmSBYDDPH0YLnKDHB2pR3LN3iA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hackers,
There are feature which may be useful in conjunction with connection pools.
It is the ability to change the session user without creating the new
connection, like this:
(pseudo REPL):
notsuperuser > SELECT current_user, session_user;
notsuperuser notsuperuser
notsuperuser > SET SESSION AUTHORIZATION notsuperuser2 PASSWORD
'password_of_notsuperuser2';
SET SESSION AUTHORIZATION
notsuperuser2 > SELECT current_user, session_user;
notsuperuser2 notsuperuser2
notsuperuser2 > SET ROLE user3;
notsuperuser2 > SELECT current_user, session_user;
user3 notsuperuser2
According to [1], SET SESSION AUTHORIZATION can only be
used by superusers. Is it possible to extend it for use by not only
superusers?
[1]
http://www.postgresql.org/docs/9.4/static/sql-set-session-authorization.html
--
// Dmitry.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-12-20 18:47:05 | Re: SET SESSION AUTHORIZATION superuser limitation. |
| Previous Message | Tomas Vondra | 2015-12-20 17:18:03 | Re: WIP: bloom filter in Hash Joins with batches |