Thank you for the quick response.
What if i can grant all the required privileges or even making the user a superuser, why do i need set_user ?
Does set_user is just to make sure users with direct privileges wont accidently modify critical information/parameters unless they set the session to elevated privileged role to perform the operation?
I am not able to find a reason why i need set_user extension?
Please advise
Thanks
Am 21.06.23 um 15:33 schrieb Erik Wienhold:
Changing roles is already possible in Postgres. You must be a member of the
target role or be a superuser in order to change roles.
This is going to change in detail as of version 16 of PostgreSQL. You may determine whether a role switch is allowed or not.
Excerpt from https://www.postgresql.org/docs/16/sql-grant.html:
"The SET option, if it is set to TRUE, allows the member to change to the granted role using the SET ROLE command. If a role is an indirect member of another role, it can use SET ROLE to change to that role only if there is a chain of grants each of which has SET TRUE. This option defaults to TRUE."
--
Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
Bhasker Bathini