| From: | Bernd Helmle <mailings(at)oopsware(dot)de> |
|---|---|
| To: | Grant Finnemore <grant(at)guruhut(dot)com>, Euler Taveira de Oliveira <euler(at)timbira(dot)com> |
| Cc: | PostgreSQL Developers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Proposal to sync SET ROLE and pg_stat_activity |
| Date: | 2008-08-28 08:04:06 |
| Message-ID: | D366E0AF519EB334417C8695@imhotep.credativ.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
--On Mittwoch, August 27, 2008 09:35:03 +0200 Grant Finnemore
<grant(at)guruhut(dot)com> wrote:
> I have a session pool, where all connections to the database are
> obtained as a superuser. On issuing connections to the client, we
> invoke either SET ROLE or SET SESSION AUTHORIZATION and switch to
> a role with less permissions. This means that we don't have to
> reserve a connection per user, and we can still use the database
> access restrictions.
But you have to ensure that your session pool is smaller than
max_connections, since this will eat up superuser_reserved_connections and
would make administrator intervention impossible under certain
circumstances.
And why do you need to hack pg_stat_activity, isn't it possible to plug
your own view in?
--
Thanks
Bernd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Grant Finnemore | 2008-08-28 08:36:37 | Re: Proposal to sync SET ROLE and pg_stat_activity |
| Previous Message | Tom Lane | 2008-08-28 05:01:52 | Re: TODO <-> Commitfest |