Home > mailing lists

Re: Why do i need to install set_user extension if i can directly grant all required privileges to user? - Mailing list pgsql-admin

From	Bhasker Bathini
Subject	Re: Why do i need to install set_user extension if i can directly grant all required privileges to user?
Date	June 21, 2023 15:57:15
Msg-id	CAJ4vKBvpTnbuvcu1vPk3Qd3bmqSVqcYn_mfKF9i9VC0HMBKt0g@mail.gmail.com Whole thread Raw
In response to	Re: Why do i need to install set_user extension if i can directly grant all required privileges to user? (Jeff Janes <jeff.janes@gmail.com>)
List	pgsql-admin

Tree view

Jeff, set_user needs to be installed as per CIS benchmark standards, I see this as more vulnerable giving to individual users.

When you know a user or application account need set of permission, you can directly grant all the necessary privileges, why do you need to switch account in performing any operation, I am trying to find if there is any operation in particular that can only be done by postgres, or any super user account to inherit its roles?

On Wed, Jun 21, 2023 at 10:55 AM Jeff Janes <jeff.janes@gmail.com> wrote:

On Wed, Jun 21, 2023 at 7:50 AM Bhasker Bathini <onelargepeg@gmail.com> wrote:
Hi , i was wondering, why do i need to install set_user extension when i can grant all the privileges to user directly?

Surely you don't need to install set_user in general. Indeed, I've never even heard of it before.

Maybe you need it for some specific use, but you didn't describe anything about what you are doing.

Cheers,

Jeff

Bhasker Bathini

pgsql-admin by date:

From: Joe Conway
Date: 21 June 2023, 15:13:17
Subject: Re: Why do i need to install set_user extension if i can directly grant all required privileges to user?

From: Wells Oliver
Date: 21 June 2023, 16:06:05
Subject: AWS RDS "sessions" and pg_stat_activity

Re: Why do i need to install set_user extension if i can directly grant all required privileges to user? - Mailing list pgsql-admin

Previous

Next