Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tETEP-007VGh-8l for pgsql-general@arkaria.postgresql.org; Fri, 22 Nov 2024 12:57:53 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tETEN-008LvZ-8U for pgsql-general@arkaria.postgresql.org; Fri, 22 Nov 2024 12:57:51 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tETEM-008LvP-Ox for pgsql-general@lists.postgresql.org; Fri, 22 Nov 2024 12:57:50 +0000 Received: from dd25110.kasserver.com ([85.13.146.49]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tETEK-003H2H-96 for pgsql-general@postgresql.org; Fri, 22 Nov 2024 12:57:50 +0000 Received: from [192.168.0.102] (ip-037-201-153-175.um10.pools.vodafone-ip.de [37.201.153.175]) by dd25110.kasserver.com (Postfix) with ESMTPSA id A61D6E1A01E9; Fri, 22 Nov 2024 13:57:46 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=technowledgy.de; s=kas202308201259; t=1732280266; bh=bME3mNRp3KIYtxpZ1AJxOsZcZwjKHU1cjMPSlfYFwHA=; h=Date:From:Subject:To:Cc:References:In-Reply-To:From; b=Nk8v55jHKB8vjuS6ZaTl4wUbmA8GMmU3LD/XTdx/5DXNsU+1ltVREo6xPyb7H6R+c z+9TJV3ypM8M9PjfTBobxF/+6BchDWS5HZYDtPULGzl2jEmwiL0SFEOX031q9ziKfh ZGttQxL6PeA59tqcrGOZeFIex2rbfCS6tzCsybVSjEoAxXak8SFGJR5Iu8FB+kpfJQ m3Xhd6ZNElBUETGokdl17qhIvQqJ0kI2edyJjznJqqF0c7xk7STokAnhU/qT/2xtnQ 7GzAX8FHMgPZ4+Ivhp4Jtfnk23X73uusRJMmuF2r8amWFflGbW1yUsiDDCAiY9fTPJ 18u+tLtd4HryQ== Message-ID: Date: Fri, 22 Nov 2024 13:57:45 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: walther@technowledgy.de Subject: Re: Fwd: A million users To: Eric Hanson Cc: Dominique Devienne , Alvaro Herrera , Vijaykumar Jain , pgsql-general , "kaare@jasonic.dk" References: <202411131029.qchduffwgzhm@alvherre.pgsql> <7d32e088-34a7-421a-9398-80958acb3f64@technowledgy.de> Content-Language: en-US In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Bar: ++ List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Eric Hanson: > Did you find some way to prevent RESET ROLE?  I once advocated for a NO > RESET option on SET ROLE [1] so that RESET ROLE would be impossible for > the rest of the session.  Still think it would be helpful. Yeah, this is still on my list of things to research more about eventually - currently still unsolved. For my use-case the NO RESET would need to apply until the end of the transaction, not end of the session. I imagine something like an extension, that would: - block any SET SESSION ROLE - block any RESET ROLE - only allow SET LOCAL ROLE when CURRENT_USER has the right to do so Then the effect of SET LOCAL ROLE would still be reversed at the end of the transaction, but you could never "escape" a SET LOCAL ROLE that was set earlier. Best, Wolfgang