Question

Is there a way to prevent a user from running "reset role" in PostgreSQL, and thus gaining permission he may not have?

I have an architecture with many databases on a single server. An API connects to several databases on a local PostgreSQL server. I had planned to use PgBouncer, but it sounds like I would have to map one database/user in PgBouncer to the same database/user in PostgreSQL, which sounds counterproductive. Instead I would like to be able to reuse connections but have different authorization for different users upon connection.

Solution

1. RESET ROLE would just "return" you back to the role you used to log in. Here also, for SET ROLE, rolename "must be a role that the current session user is a member of", so "gaining permission he may not have" is not the case.

2. PgBouncer indeed will require such mapping.

3. To "reuse connections but have different authorization for different users upon connection", you can use set authorization, which is very similar to SET ROLE.

There is no session pooler that would do it for you I believe...
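
The SET ROLE / RESET ROLE behaviour discussed in the answer, as an added example that is not part of the original post. All role and table names are hypothetical; it assumes a scratch database and a superuser psql session, and uses SET SESSION AUTHORIZATION only to simulate a connection authenticated as the login role.

```sql
-- Constructed demo: api_login, tenant_a, tenant_b, a_data and b_data are hypothetical names.
-- Run as a superuser in a scratch database (psql continues past the expected errors).

CREATE ROLE tenant_a NOLOGIN;
CREATE ROLE tenant_b NOLOGIN;

-- Login role the API would connect with. NOINHERIT means it holds none of
-- the tenant privileges until it explicitly switches with SET ROLE.
CREATE ROLE api_login LOGIN NOINHERIT;
GRANT tenant_a TO api_login;          -- deliberately NOT granted tenant_b

CREATE TABLE a_data (v text);
CREATE TABLE b_data (v text);
GRANT SELECT ON a_data TO tenant_a;
GRANT SELECT ON b_data TO tenant_b;

-- Simulate a session that authenticated as api_login (superuser-only command).
SET SESSION AUTHORIZATION api_login;
SELECT session_user, current_user;    -- both are the login role at this point
SELECT * FROM a_data;                 -- fails: NOINHERIT, no privilege of its own

-- Switch to a role the session user is a member of.
SET ROLE tenant_a;
SELECT session_user, current_user;    -- session_user is unchanged, current_user switches
SELECT * FROM a_data;                 -- succeeds with tenant_a's privileges
SELECT * FROM b_data;                 -- fails: tenant_a has no grant on b_data

-- Switching to a role the session user is not a member of is refused.
SET ROLE tenant_b;                    -- fails: permission denied to set role

-- RESET ROLE only returns current_user to session_user (the login role).
RESET ROLE;
SELECT session_user, current_user;
SELECT * FROM a_data;                 -- fails again: back to the unprivileged login role

-- Clean up (back as the superuser that opened the session).
RESET SESSION AUTHORIZATION;
DROP TABLE a_data, b_data;
DROP ROLE api_login, tenant_a, tenant_b;
```

Any SQL running in the session can issue RESET ROLE and a further SET ROLE, so the set of roles granted to the login role is the upper bound on what a reused connection can reach.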

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange