From: | Rene Romero Benavides <rene(dot)romero(dot)b(at)gmail(dot)com> |
---|---|
To: | "McGehee, Robert" <Robert(dot)McGehee(at)geodecapital(dot)com> |
Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Role inheritance and Conflicting Parameter Values |
Date: | 2014-06-24 01:33:24 |
Message-ID: | CANaGW08nS_mB9T=pph=6qamz3X-L5Pdg9sU-c4SzyiF2zu6_qQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
As far as I'm concerned, you cannot inherit role settings, only privileges.
http://www.postgresql.org/docs/9.3/static/role-membership.html
2014-06-23 20:12 GMT-05:00 Rene Romero Benavides <rene(dot)romero(dot)b(at)gmail(dot)com>:
> To impersonate another role, as a superuser or group member use:
> SET SESSION AUTHORIZATION user1;
>
>
> http://www.postgresql.org/docs/9.3/static/sql-set-session-authorization.html
>
> Regards.
>
>
> 2014-06-23 8:25 GMT-05:00 McGehee, Robert <Robert(dot)McGehee(at)geodecapital(dot)com
> >:
>
> Hi,
>>
>> I'm trying to set the default statement_timeout parameter for two
>> different groups of users. However, as many of the users inherit from
>> overlapping roles, I wanted to get clarification on how inheritance of
>> parameter values worked when a role inherits from other roles that all have
>> different settings for a parameter value.
>>
>>
>>
>> For instance, assume three roles: 'user1', 'role2', 'role3'. The 'user1'
>> role can login and inherits from 'role2' and 'role3'.
>>
>>
>>
>> ALTER ROLE user1 SET statement_timeout=0;
>>
>> ALTER ROLE role2 SET statement_timeout=1000;
>>
>> ALTER ROLE role3 SET statement_timeout=3000;
>>
>>
>>
>> In this scenario, which value of statement_timeout does user1 get? Also,
>> if the primary role (user1) doesn't have a value set, how is the parameter
>> inherited between role2 and role3?
>>
>>
>>
>> Also, as a superuser, can I examine the parameter values for another user
>> to make sure I set this correctly. For instance, I'd like to run a query in
>> the spirit of this invalid query: "SHOW statement_timeout FOR user1;".
>> Unfortunately, SHOW only shows my parameters, though it would be nice to
>> examine other accounts.
>>
>> Thanks, Robert
>>
>>
>>
>> *Robert McGehee, CFA*
>>
>> Geode Capital Management, LLC
>>
>> One Post Office Square, 20th Floor | Boston, MA | 02109
>>
>> Direct: (617)392-8396
>>
>>
>>
>> *This e-mail, and any attachments hereto, are intended for use by the
>> addressee(s) only and may contain information that is (i) confidential
>> information of Geode Capital Management, LLC and/or its affiliates, and/or
>> (ii) proprietary information of Geode Capital Management, LLC and/or its
>> affiliates. If you are not the intended recipient of this e-mail, or if you
>> have otherwise received this e-mail in error, please immediately notify me
>> by telephone (you may call collect), or by e-mail, and please permanently
>> delete the original, any print outs and any copies of the foregoing. Any
>> dissemination, distribution or copying of this e-mail is strictly
>> prohibited. *
>>
>>
>>
>
>
>
> --
> El genio es 1% inspiración y 99% transpiración.
> Thomas Alva Edison
> http://pglearn.blogspot.mx/
>
>
--
El genio es 1% inspiración y 99% transpiración.
Thomas Alva Edison
http://pglearn.blogspot.mx/
From | Date | Subject | |
---|---|---|---|
Next Message | Kevin Grittner | 2014-06-24 02:05:51 | Re: skipping analyze of "table1" --- lock not available? |
Previous Message | Rene Romero Benavides | 2014-06-24 01:12:30 | Re: Role inheritance and Conflicting Parameter Values |