Is there a way to prevent “reset role” in PostgreSQL
-
03-10-2020 - |
Question
Is there a way to prevent a user from running "reset role" in PostgreSQL, and thus gaining permission he may not have ?
I have an architecture with many databases on a single server. An API connects to several databases on a local PostgreSQL server. I had planned to use Pgbouncer but it sounds like I would have to map one database/user in pgbouncer to the same database/user in PostgreSQL which sounds counter productive. Instead I would like to be able to reuse connections but have different authorization for different user upon connection.
Solution
1
RESET ROLE
would just "return" you back to the role you used to login. here
also SET ROLE rolename
must be a role that the current session user is a member of
so " gaining permission he may not have" is not the case.
2 pgbouncer indeed will require such mapping.
3 to "reuse connections but have different authorization for different user upon connection." you can use set authorization which is very similar to SET ROLE
.
There is no session pooler that would do it for you I believe...