On Thu, 2022-11-17 at 16:52 -0500, Robert Haas wrote: > But I think the bigger > reason is that, in my opinion, this proposal is more generally > useful, > because it takes no position on why you wish to disallow SET ROLE. > You > can just disallow it in some cases and allow it in others, and that's > fine.
I agree that the it's more flexible in the sense that it does what it does, and administrators can use it if it's useful for them. That means we don't need to understand the actual goals as well; but it also means that it's harder to determine the consequences if we tweak the behavior (or any related behavior) later. I'll admit that I don't have an example of a likely problem here, though. > That proposal targets a specific use case, which may make it a > better solution to that particular problem, but it makes it > unworkable > as a solution to any other problem, I believe. Yeah, that's the flip side: "virtual" roles (for lack of a better name) are a more narrow fix for the problem as I understand it; but it might leave related problems unfixed. You and Stephen[2] both seemed to consider this approach, and I happened to like it, so I wanted to make sure that it wasn't dismissed too quickly. But I'm fine if you'd like to move on with the SET ROLE privilege instead, as long as we believe it grants a stable set of capabilities (and conversely, that if the SET ROLE privilege is revoked, that it revokes a stable set of capabilities). [2] https://www.postgresql.org/message-id/YzIAGCrxoXibAKOD%40tamriel.snowman.net -- Jeff Davis PostgreSQL Contributor Team - AWS
