HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

Is there a way to prevent "reset role" in PostgreSQL

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
postgresqlpreventwayroletherereset

Problem

Is there a way to prevent a user from running "reset role" in PostgreSQL, and thus gaining permission he may not have ?

I have an architecture with many databases on a single server. An API connects to several databases on a local PostgreSQL server. I had planned to use Pgbouncer but it sounds like I would have to map one database/user in pgbouncer to the same database/user in PostgreSQL which sounds counter productive. Instead I would like to be able to reuse connections but have different authorization for different user upon connection.

Solution

1
RESET ROLE would just "return" you back to the role you used to login. here
also SET ROLE rolename


must be a role that the current session user is a member of

so " gaining permission he may not have" is not the case.

2
pgbouncer indeed will require such mapping.

3 to "reuse connections but have different authorization for different user upon connection." you can use set authorization which is very similar to SET ROLE.

There is no session pooler that would do it for you I believe...

Context

StackExchange Database Administrators Q#147453, answer score: 3

Revisions (0)

No revisions yet.