Re: Proposal: SET ROLE hook
| От | Jim Nasby |
|---|---|
| Тема | Re: Proposal: SET ROLE hook |
| Дата | |
| Msg-id | 56227426.1070006@BlueTreble.com обсуждение исходный текст |
| Ответ на | Re: Proposal: SET ROLE hook (Andres Freund <andres@anarazel.de>) |
| Список | pgsql-hackers |
On 10/16/15 12:51 PM, Andres Freund wrote: >> >Hmmm, do you mean essentially skip the "GRANT postgres to joe" and use a >> >SECURITY DEFINER C function that does the set role to postgres under the >> >covers with "GRANT EXECUTE on FUNCTION elevate_user() to joe"? > Yes. > >> >Being able to use something like that on existing versions would be >> >very nice, but it feels kind of grotty. > Hm. To me it doesn't feel too bad - security definer functions are there > to allow to do things that users would normally not be allowed to do... Tons of environments can't use C functions, and ignoring that it still feels ugly. How much harder would it be to add SET ROLE to event triggers? (Could be done in conjunction with the hook; they serve different purposes.) -- Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX Experts in Analytics, Data Architecture and PostgreSQL Data in Trouble? Get it in Treble! http://BlueTreble.com
В списке pgsql-hackers по дате отправления: