Re: [Django] #34200: Allow setting postgres role during connection setup

Mon, 05 Dec 2022 20:45:49 -0800 

#34200: Allow setting postgres role during connection setup
-------------------------------------+-------------------------------------
     Reporter:  Mike Crute           |                    Owner:  Mike
                                     |  Crute
         Type:  New feature          |                   Status:  closed
    Component:  Database layer       |                  Version:  4.1
  (models, ORM)                      |
     Severity:  Normal               |               Resolution:  needsinfo
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):

 * cc: Florian Apolloner (added)
 * status:  assigned => closed
 * resolution:   => needsinfo
 * type:  Bug => New feature


Comment:

 > The solution to this problem is pretty straightforward. First create a
 grouping role for the application (roles do not distinguish between being
 a user or a group) that can become the owner of the database objects. Then
 create the temporary roles generated by the credential management system
 as members of this grouping role. Finally, assume that grouping role
 before performing actions on the database using the
 [[https://www.postgresql.org/docs/8.4/sql-set-role.html|SET ROLE]]
 statement during connection setup. This will cause all of the temporary
 roles to act as the grouping role which has ownership of all of these
 objects and eliminate the permission issues.

 Thanks for the ticket, however I don't see anything "straightforward"
 about this solution, it seems complicated and quite niche. All the role-
 juggling looks like something the DBA should do, not something that
 framework is responsible for. Also, is it not already possible to `SET
 ROLE` in `DATABASE["OPTIONS"]`? (see
 [https://docs.djangoproject.com/en/stable/ref/settings/#std-setting-
 OPTIONS docs])

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34200#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070184e5c10ae4-68dd8053-c613-4c5c-967b-840f4755ec54-000000%40eu-central-1.amazonses.com.

Reply via email to