Re: Role inheritance and Conflicting Parameter Values

As far as I'm concerned, you cannot inherit role settings, only privileges.

http://www.postgresql.org/docs/9.3/static/role-membership.html

2014-06-23 20:12 GMT-05:00 Rene Romero Benavides <rene(dot)romero(dot)b(at)gmail(dot)com>:

> To impersonate another role, as a superuser or group member use:
> SET SESSION AUTHORIZATION user1;
>
>
> http://www.postgresql.org/docs/9.3/static/sql-set-session-authorization.html
>
> Regards.
>
>
> 2014-06-23 8:25 GMT-05:00 McGehee, Robert <Robert(dot)McGehee(at)geodecapital(dot)com
> >:
>
> Hi,
>>
>> I'm trying to set the default statement_timeout parameter for two
>> different groups of users. However, as many of the users inherit from
>> overlapping roles, I wanted to get clarification on how inheritance of
>> parameter values worked when a role inherits from other roles that all have
>> different settings for a parameter value.
>>
>>
>>
>> For instance, assume three roles: 'user1', 'role2', 'role3'. The 'user1'
>> role can login and inherits from 'role2' and 'role3'.
>>
>>
>>
>> ALTER ROLE user1 SET statement_timeout=0;
>>
>> ALTER ROLE role2 SET statement_timeout=1000;
>>
>> ALTER ROLE role3 SET statement_timeout=3000;
>>
>>
>>
>> In this scenario, which value of statement_timeout does user1 get? Also,
>> if the primary role (user1) doesn't have a value set, how is the parameter
>> inherited between role2 and role3?
>>
>>
>>
>> Also, as a superuser, can I examine the parameter values for another user
>> to make sure I set this correctly. For instance, I'd like to run a query in
>> the spirit of this invalid query: "SHOW statement_timeout FOR user1;".
>> Unfortunately, SHOW only shows my parameters, though it would be nice to
>> examine other accounts.
>>
>> Thanks, Robert
>>
>>
>>
>> *Robert McGehee, CFA*
>>
>> Geode Capital Management, LLC
>>
>> One Post Office Square, 20th Floor | Boston, MA | 02109
>>
>> Direct: (617)392-8396
>>
>>
>>
>> *This e-mail, and any attachments hereto, are intended for use by the
>> addressee(s) only and may contain information that is (i) confidential
>> information of Geode Capital Management, LLC and/or its affiliates, and/or
>> (ii) proprietary information of Geode Capital Management, LLC and/or its
>> affiliates. If you are not the intended recipient of this e-mail, or if you
>> have otherwise received this e-mail in error, please immediately notify me
>> by telephone (you may call collect), or by e-mail, and please permanently
>> delete the original, any print outs and any copies of the foregoing. Any
>> dissemination, distribution or copying of this e-mail is strictly
>> prohibited. *
>>
>>
>>
>
>
>
> --
> El genio es 1% inspiración y 99% transpiración.
> Thomas Alva Edison
> http://pglearn.blogspot.mx/
>
>

--
El genio es 1% inspiración y 99% transpiración.
Thomas Alva Edison
http://pglearn.blogspot.mx/