Users, Roles and Connection Pooling

From: Matt Andrews <mattandrews(at)massey(dot)com(dot)au>
To: "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Users, Roles and Connection Pooling
Date: 2019-10-01 22:46:22
Message-ID: CAPeDGQ5XeuHKmp5LPcJ2AXiuUiS8+3n+xvsQoordz7GnHEenfQ@mail.gmail.com
Lists: pgsql-general

Hey all,

Here’s a question I’ve been asking for a while and just can’t find an
answer to, so I thought I’d ask it here. The answer could be subjective,
but here goes...

When a web app connects to Postgres via a connection pooler, what is the
best way to manage privileges for the connecting user? Especially when
there is a complex hierarchy of privileges?

Should each signed up user have their own role which inherits from
whichever roles they are members of? This means that the connection pool
role should then be granted in every user?

Does creating a Postgres role for every app user scale? Roles can only have
names, is an email address a good name for individual app users?

Are there any resources out there that anyone knows of that address these
questions?

There’s plenty of stuff out there on roles and permissions, I’ve read a lot
of it, but not much on dealing with individual app users through a
connection pool.

I’m thinking that any queries should start with SET ROLE ‘username’ and end
with RESET ROLE. Is this how it could work?

Any help would be greatly appreciated.

--
Matt Andrews

0400 990 131
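
The SET ROLE / RESET ROLE pattern asked about above, sketched as an added example that is not part of the original post. Every role and table name is hypothetical, and it assumes the pooler logs in as one NOINHERIT role that has been granted membership in each per-user role.

```sql
-- Setup, run once by a role allowed to create roles and tables.
-- All names below are constructed for illustration.

-- Group role that carries the actual privileges.
CREATE ROLE sales_staff NOLOGIN;

-- One role per app user: cannot log in directly, inherits from its groups.
-- An email address is usable as a role name only as a quoted identifier.
CREATE ROLE "alice@example.com" NOLOGIN INHERIT;
GRANT sales_staff TO "alice@example.com";

-- The single role the pooler authenticates as. NOINHERIT means it holds
-- none of the users' privileges until it explicitly switches role.
CREATE ROLE app_pool LOGIN NOINHERIT;
GRANT "alice@example.com" TO app_pool;  -- repeated for every app user

CREATE TABLE orders (id int PRIMARY KEY, owner name NOT NULL, total numeric);
GRANT SELECT, INSERT ON orders TO sales_staff;

-- Per-request pattern on a pooled connection logged in as app_pool.
-- SET LOCAL lasts only until the transaction ends, so the role is dropped
-- on COMMIT or ROLLBACK even if the app never sends RESET ROLE.
BEGIN;
SET LOCAL ROLE "alice@example.com";
-- session_user keeps reporting the login role; current_user reports the
-- role set above, and privilege checks use current_user.
SELECT session_user, current_user;
INSERT INTO orders VALUES (1, current_user, 99.50);
COMMIT;

-- Session-level form from the post: the role persists across statements,
-- so it must be reset before the connection returns to the pool.
SET ROLE "alice@example.com";
SELECT count(*) FROM orders;
RESET ROLE;

-- Caveat: SET ROLE is not a hard boundary. Any SQL that reaches this
-- session can issue RESET ROLE itself, so the app must still keep
-- untrusted input out of statement text (parameterized queries).
```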
