BUG #18350: Modifying predefined roles' unlimited connections for VA STIG cybersecurity checklist

I think they mean the application connections from the UI to the backend, not backend SQL user login connection limits.

JAVA would be Hakari max_pool = 10 or something to that effect.

(I've been through this before), but you should check the requirement.

-----Original Message-----
From: Tom Lane <tgl@sss.pgh.pa.us>
Sent: Friday, February 16, 2024 1:36 PM
To: martin.nguyen@oracle.com
Cc: pgsql-bugs@lists.postgresql.org
Subject: [EXTERNAL] Re: BUG #18350: Modifying predefined roles' unlimited connections for VA STIG cybersecurity
checklist

PG Bug reporting form <noreply@postgresql.org> writes:
> We have identified an issue where predefined roles are not modifiable,
> however a Dept. of VA security checklist requires that no roles have
> unlimited connections. The Predefined roles have unlimited
> connections, is there a way to modify these?

Solution 1: explain to your compliance department that it's pointless to worry about the connection limit for a role
thatcan't log in. 

Solution 2: do a manual UPDATE on pg_authid.  This would have to be done over after any major-version upgrade, though.

            regards, tom lane