patternsqlMinor
Is there a way to prevent "reset role" in PostgreSQL
Viewed 0 times
postgresqlpreventwayroletherereset
Problem
Is there a way to prevent a user from running "reset role" in PostgreSQL, and thus gaining permission he may not have ?
I have an architecture with many databases on a single server. An API connects to several databases on a local PostgreSQL server. I had planned to use Pgbouncer but it sounds like I would have to map one database/user in pgbouncer to the same database/user in PostgreSQL which sounds counter productive. Instead I would like to be able to reuse connections but have different authorization for different user upon connection.
I have an architecture with many databases on a single server. An API connects to several databases on a local PostgreSQL server. I had planned to use Pgbouncer but it sounds like I would have to map one database/user in pgbouncer to the same database/user in PostgreSQL which sounds counter productive. Instead I would like to be able to reuse connections but have different authorization for different user upon connection.
Solution
1
also
must be a role that the current session user is a member of
so " gaining permission he may not have" is not the case.
2
pgbouncer indeed will require such mapping.
3 to "reuse connections but have different authorization for different user upon connection." you can use set authorization which is very similar to
There is no session pooler that would do it for you I believe...
RESET ROLE would just "return" you back to the role you used to login. herealso
SET ROLE rolename must be a role that the current session user is a member of
so " gaining permission he may not have" is not the case.
2
pgbouncer indeed will require such mapping.
3 to "reuse connections but have different authorization for different user upon connection." you can use set authorization which is very similar to
SET ROLE. There is no session pooler that would do it for you I believe...
Context
StackExchange Database Administrators Q#147453, answer score: 3
Revisions (0)
No revisions yet.