Is there a way to prevent a user from running "reset role" in PostgreSQL, and thus gaining permission he may not have?
I have an architecture with many databases on a single server. An API connects to several databases on a local PostgreSQL server. I had planned to use Pgbouncer but it sounds like I would have to map one database/user in pgbouncer to the same database/user in PostgreSQL, which sounds counterproductive. Instead I would like to be able to reuse connections but have different authorization for different users upon connection.
Best Answer
1. RESET ROLE would just "return" you back to the role you used to log in. here also SET ROLE rolename so "gaining permission he may not have" is not the case.
2. pgbouncer indeed will require such mapping.
3. to "reuse connections but have different authorization for different user upon connection." you can use set authorization which is very similar to SET ROLE. There is no session pooler that would do it for you I believe...
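
The role switching discussed in the answer, as an added example that is not part of the original post: a psql script to run as a superuser in a scratch database. The roles api_login, tenant_a and tenant_b and the two tables are hypothetical names; statements commented as rejected are meant to raise an error, so run it without ON_ERROR_STOP.

```sql
-- Added example; every role and table name here is hypothetical.
CREATE ROLE tenant_a NOLOGIN;
CREATE ROLE tenant_b NOLOGIN;
-- Pooled login role: NOINHERIT, so membership alone grants nothing until SET ROLE.
CREATE ROLE api_login LOGIN NOINHERIT;
GRANT tenant_a TO api_login;            -- member of tenant_a only

CREATE TABLE a_data (v text);
CREATE TABLE b_data (v text);
GRANT SELECT ON a_data TO tenant_a;
GRANT SELECT ON b_data TO tenant_b;

-- Stand in for a connection that logged in as api_login.
-- SET SESSION AUTHORIZATION changes both session_user and current_user,
-- and is only available when the authenticated user is a superuser.
SET SESSION AUTHORIZATION api_login;
SELECT session_user, current_user;
SELECT * FROM a_data;                   -- rejected: api_login itself holds no SELECT

-- SET ROLE changes current_user only; session_user stays api_login.
SET ROLE tenant_a;
SELECT session_user, current_user;
SELECT * FROM a_data;                   -- allowed through tenant_a
SELECT * FROM b_data;                   -- rejected: tenant_a has no grant on b_data

-- RESET ROLE goes back to the session user, not to anything more privileged.
RESET ROLE;
SELECT session_user, current_user;
SET ROLE tenant_b;                      -- rejected: api_login is not a member of tenant_b

-- Any statement in the session can undo the switch the same way, so the
-- ceiling on privileges is whatever the authenticated login role can reach.
RESET SESSION AUTHORIZATION;
SELECT session_user, current_user;

-- Cleanup.
DROP TABLE a_data, b_data;
DROP ROLE api_login, tenant_a, tenant_b;
```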