Re: Why do i need to install set_user extension if i can directly grant all required privileges to user?

> On 20/06/2023 13:33 CEST Bhasker Bathini <onelargepeg@gmail.com> wrote:
>
> Hi , i was wondering, why do i need to install set_user extension when i can
> grant all the privileges to user directly?

Are you talking about https://github.com/pgaudit/set_user ?

I never used this extension but after skimming over the readme it looks like
a replacement for SET ROLE and SET SESSION AUTHORIZATION with logging for audit
purposes.

> Is there any advantage or any scenario where i can only perform having
> set_user grants?

Changing roles is already possible in Postgres.  You must be a member of the
target role or be a superuser in order to change roles.  I don't know if the
set_user extension behaves identical to SET ROLE etc. because it also supports
whitelisting of target roles and superusers.

The extension may be relevant to you if the whitelist feature or auditing is
a requirement for your project.  But I'm not sure if the whitelist feature
bypasses the membership requirement imposed by SET ROLE or if you still have
to grant memberships to target roles.

--
Erik