| From: | rob stone <floriparob(at)tpg(dot)com(dot)au> |
|---|---|
| To: | Calvin Guo <newoakllc2023(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: set role command |
| Date: | 2025-11-24 12:06:20 |
| Message-ID: | f277a82d40a56c574b6c371c413be8ea8cbb46ac.camel@tpg.com.au |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, 2025-11-24 at 16:15 +0800, Calvin Guo wrote:
> I feel that set role logic is kindof misleading.
>
> I am a superuser, admin,
> I do:
> set role usera
> Now I am under the security context of usera, so I think running any
> sql is safe as long as it's allowed by usera.
>
> Which is not the case!
> as usera can do:
> set role userb; other sql,
> or
> reset role; orther sql,
> it turns out it's not safe at all, the sql can easily get access
> right of the super user. it can impernate userb though they do not
> have any relationship whatso ever.
>
> I really feel, once you "set role usera", you should behave like
> usera, you should NOT have the power say: hi, I can assume my super
> user power whenever I want. As this make the "set role usera" pretty
> much useless.
>
> It's unsafe!
Hello,
firstly you have to create a role usera and in doing so give it the
privileges you want usera to have. You can also restrict its privileges
by specifying the NO* range of options.
So, if you are logged in as userb, say, doing "set role usera" simply
switches you out of userb into usera, and you behave as usera in that
session.
HTH,
Rob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Calvin Guo | 2025-11-24 12:18:18 | Re: set role command |
| Previous Message | Christoph Pieper | 2025-11-24 11:27:56 | Schema design: user account deletion vs. keeping family tree data |