Re: set role command
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Calvin Guo <newoakllc2023@gmail.com>, pgsql-general@lists.postgresql.org
Date: 2025-11-24T12:57:49Z
Lists: pgsql-general
On Mon, 2025-11-24 at 16:15 +0800, Calvin Guo wrote: > I feel that set role logic is kindof misleading. > > I am a superuser, admin, > I do: > set role usera > Now I am under the security context of usera, so I think running any sql is safe > as long as it's allowed by usera. > > Which is not the case! > as usera can do: > set role userb; other sql, > or > reset role; orther sql, > it turns out it's not safe at all, the sql can easily get access right of the > super user. it can impernate userb though they do not have any relationship whatso ever. > > I really feel, once you "set role usera", you should behave like usera, you should > NOT have the power say: hi, I can assume my super user power whenever I want. > As this make the "set role usera" pretty much useless. I respect your feelings, but that is not how SET ROLE works. The current behavior is intentional and documented in https://www.postgresql.org/docs/current/sql-set-role.html There is SET SESSION AUTHORIZATION, which acts somewhet more like you want, except that you can become a superuser again with RESET SESSION AUTHORIZATION. You'll have to come up with a different security concept. Yours, Laurenz Albe