Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vNW8j-0059Tr-0i for pgsql-general@arkaria.postgresql.org; Mon, 24 Nov 2025 12:57:57 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vNW8g-000sZi-1P for pgsql-general@arkaria.postgresql.org; Mon, 24 Nov 2025 12:57:54 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vNW8g-000sZZ-0G for pgsql-general@lists.postgresql.org; Mon, 24 Nov 2025 12:57:54 +0000 Received: from mail-ej1-x641.google.com ([2a00:1450:4864:20::641]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1vNW8d-001ER7-2j for pgsql-general@lists.postgresql.org; Mon, 24 Nov 2025 12:57:53 +0000 Received: by mail-ej1-x641.google.com with SMTP id a640c23a62f3a-b739ef3f739so229979166b.1 for ; Mon, 24 Nov 2025 04:57:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cybertec.at; s=google; t=1763989070; x=1764593870; darn=lists.postgresql.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:from:to:cc:subject:date :message-id:reply-to; bh=vZmOgpI9yR3PkX6biNICDeIAXL2EvACSc/XpQMe3Y+E=; b=HJZg7Fb/5yTeMZi/L8FJ646+qSCSlUeFdOl0fo5oi0QvQrWnh0mDTFgpetaOIce8wS mbGoht9SQ/9MInlSooPkeg6mh2d6+TuKaS2tkE7XXJG+0CssrOIH7ZJ7DPGxr7d0wM24 Ozam7xkrp8FA7ag7eoWrt1MSFlfLrrN5+QpLEpRVQ6+efVhlEOkKWjGKwgwG+AkYStle rne/eSsUYMbv98ROSlHUv0J0aZXsLVxw3mAx2RnuErGIEFrKZOG9JLvH24kRdQ+K2HkP rnedysamH8dBWZ5X5k1c26w1lowC/gMnzHWIG3TyTTN2x/rebM6+iTk3n9QStOApJgrP W9Wg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763989070; x=1764593870; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=vZmOgpI9yR3PkX6biNICDeIAXL2EvACSc/XpQMe3Y+E=; b=EPV3hItQp3w3WlzCP5J9vJJW9yBE5D+hyHQsby30tOvRu7HvJcM+rY4es7j9egwsT5 DOxAw3qpIOQlAvKlPf1TBMWSPS0jN+396SRGnglLzf9JtI3LktWOIayffs0hJJ0mc/Qr q2B7vMEwz7whR5G3zLGeQauxTzIonoCUkfanRX2771GwBj8sT+Jf1lt0ClfhrqmHsXLv nn9muDQRFrnIyiGabb/1KQNHVz84QMlmT5XTlZDDNOXtmJhhP+t8u7YCA9RBiyyUU7g+ vOiRIDuqdr+IeLBCogZOQ0qZTirEUQfwdxv+K3rZPHN1TjPiglYeKIFGWLsuHRXUphIO i65g== X-Forwarded-Encrypted: i=1; AJvYcCWf++OiGmQicLvTtI5knFQ8W3bNpN+m3WFORlmH1TcV6idh/2JcIPwkW8dEn47kyhpODt85C4+AzVjiwXZ2@lists.postgresql.org X-Gm-Message-State: AOJu0Yzh/XsWgoQGEznhlMJ/Bh0hl37O6m/MPFKCS7SiSGHfxG1hwPFf I2YHX/yF4mg1MbGFHgmN0TkIiS0S7yRiB9fSIcMSmiEFdM6WlscXSKLHXD5ZyPWD3Hg= X-Gm-Gg: ASbGncuvXc5m1SHMH+8JtyZjavbUPpufpo8Azclnk58pdaiP0HoriE5nLKCBDDGFat5 IXemr2dWhlYnfCAZKJJy6zrUAdbyO27hWZJRw2U9nR/1A/4HsEOh6d0LsAQ2lyjWW8eQAr2urbC SC4K1vB7dia2IYIn1tfJgE8kMD96OiBGtiVhp9N+pkpWoz9verAAaTWlwiLUj+XhcNpHyH1hPwi g+jvdAFl9ydw8uVok7HdOQ7llfRwElt1Y26AcsF2nRAAqLKpV0wzIqJogNzNSMjQ2N+/ZLana/t gG1VthAwSoF9teg7TJg4QUDW23my7yER13DUav17694nDFEja01rtWlq3L3kS+QA6siZu4V7hbK X0oFFCfAE3/LjkAfK2gCecJGypMJMUAY1BbCvasXQbXmuF0CqyFuHq6BPmf93eilyFmgecWX8zP JXGCQjYv+vZ1L385CrgDKCNYY8w2JbPs7CY8kZFfxGdEVNU06P X-Google-Smtp-Source: AGHT+IEV71SlkyzTuM3pce3nLRuP31x+D/fuc0QLzsFvYkvEP8JWeVIOHhbNJy0+RURhRb6DQFeAnw== X-Received: by 2002:a17:907:3f14:b0:b76:5ef6:3b73 with SMTP id a640c23a62f3a-b76715723cemr1098569266b.23.1763989070162; Mon, 24 Nov 2025 04:57:50 -0800 (PST) Received: from laurenz.albe-K4N0CV00F97414D ([2001:871:70:500b:b92:3bd1:b13:b00f]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b7655050d05sm1265734366b.70.2025.11.24.04.57.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 Nov 2025 04:57:49 -0800 (PST) Message-ID: <464edf94a18cf09a49e275d9e9d723949d7682d3.camel@cybertec.at> Subject: Re: set role command From: Laurenz Albe To: Calvin Guo , pgsql-general@lists.postgresql.org Date: Mon, 24 Nov 2025 13:57:49 +0100 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.56.2 (3.56.2-2.fc42) MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Mon, 2025-11-24 at 16:15 +0800, Calvin Guo wrote: > I feel that set role logic is kindof misleading. >=20 > I am a superuser, admin, > I do: > set role usera > Now I am under the security context of usera, so I think running any sql = is safe > as long as it's allowed by usera. >=20 > Which is not the case! > as usera can do: > set role userb; other sql, > or=C2=A0 > reset role; orther sql, > it turns out it's not safe at all, the sql can easily get access right of= the > super user. it can impernate userb though they do not have any relationsh= ip whatso ever. >=20 > I really feel, once you "set role usera", you should behave like usera, y= ou should > NOT have the power say: hi, I can assume my super user power whenever I w= ant. > As this make the "set role usera" pretty much useless. I respect your feelings, but that is not how SET ROLE works. The current behavior is intentional and documented in https://www.postgresql.org/docs/current/sql-set-role.html There is SET SESSION AUTHORIZATION, which acts somewhet more like you want, except that you can become a superuser again with RESET SESSION AUTHORIZATI= ON. You'll have to come up with a different security concept. Yours, Laurenz Albe