Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tBBIY-002JpF-7j
	for pgsql-general@arkaria.postgresql.org; Wed, 13 Nov 2024 11:12:33 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tBBIV-00DWNF-Ga
	for pgsql-general@arkaria.postgresql.org; Wed, 13 Nov 2024 11:12:32 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <a.mantzios@cloud.gatewaynet.com>)
	id 1tBBIV-00DWN7-5k
	for pgsql-general@lists.postgresql.org; Wed, 13 Nov 2024 11:12:31 +0000
Received: from cloud.gatewaynet.com ([185.90.37.94])
	by makus.postgresql.org with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <a.mantzios@cloud.gatewaynet.com>)
	id 1tBBIS-001edr-On
	for pgsql-general@lists.postgresql.org; Wed, 13 Nov 2024 11:12:30 +0000
Message-ID: <3a93d9b1-e2a1-4d33-b9fc-702b8d43cdba@cloud.gatewaynet.com>
Date: Wed, 13 Nov 2024 13:12:24 +0200
MIME-Version: 1.0
Subject: Re: Fwd: A million users
To: pgsql-general@lists.postgresql.org
References: <202411131029.qchduffwgzhm@alvherre.pgsql>
Content-Language: en-US
From: Achilleas Mantzios - cloud <a.mantzios@cloud.gatewaynet.com>
In-Reply-To: <202411131029.qchduffwgzhm@alvherre.pgsql>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/3a93d9b1-e2a1-4d33-b9fc-702b8d43cdba%40cloud.gatewaynet.com>
Precedence: bulk


On 11/13/24 12:29, Alvaro Herrera wrote:
> On 2024-Nov-13, Vijaykumar Jain wrote:
>
>> I tried to grant select permissions to 5000 different roles on one table,
>> It failed with row size too big already at 2443.
> But you can grant select to one "reader" role, and grant that one role
> to however many other roles you want.  This way you can have an
> arbitrary number of roles with indirect access to the table.  In
> real-world usage, this is more convenient that granting access to
> individual roles on individual tables; likely, you'll grant access to
> sets of tables/views/functions/etc rather than exactly one, and you can
> manage that more easily if you have one intermediate role to modify than
> if you have to mess with 5000 individual roles.

Exactly! In the later versions, security gets more and more refined and 
strengthened. So ppl should think about moving away from "public" , and 
start implementing finer grained schemes of security, as you suggest. + 
\dp shows prettier than having 1000+ users listed.

>