Thursday, August 21, 2008

[ADMIN] privilege shedding

Is there a way to non-reversibly shed privilige within a PostgreSQL
session?

I would like to start a session as a superuser role, set up some views
and triggers as superuser, and then change role to a lesser role for
the remainder of the session.

It seems that if you use 'set role' for this, you get the lesser role,
but the original (superuser) role can be restored by another 'set
role' statement, without any re-authentication. I would like the role
change to persist through the life of the session, without the option
of restoring the superuser role.


Thank you,
David

--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

No comments: