feat: support SET ROLE command #13986

Open
neverchanje opened this issue Dec 14, 2023 · 3 comments
Comments

@neverchanje
Contributor

neverchanje commented Dec 14, 2023

Is your feature request related to a problem? Please describe.

I wish we could add more e2e tests for our access control mechanism, but that is not doable without switching roles in the same session.

https://www.postgresql.org/docs/current/sql-set-role.html The command SET ROLE can allow us to switch to non-root users in the same session. Since it's only for testing purposes, we can only allow superusers to SET ROLE to other roles.

With SET ROLE, we can write tests such as granting a few privileges to a user and checking if it's indeed granted for the corresponding operations.

Describe the solution you'd like

No response

Describe alternatives you've considered

No response

Additional context

@yezizp2012 Please share your thoughts if you don't think this feature is necessary.

@github-actions github-actions bot added this to the release-1.6 milestone Dec 14, 2023
@neverchanje neverchanje added the user-facing-changes Contains changes that are visible to users label Dec 14, 2023
@yezizp2012
Member

yezizp2012 commented Dec 14, 2023

Actually, I was thinking about supporting some Access Privilege Inquiry Functions to achieve that. For example:

has_table_privilege ( [ user name or oid, ] table text or oid, privilege text ) → boolean
Does user have privilege for table? Allowable privilege types are SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, and TRIGGER.

The advantage is that we only need to check whether the privilege is granted or revoked, and don't need to run any real DDLs to verify it.

@neverchanje
Contributor Author

Thanks. has_table_privilege is orthogonal to SET ROLE. But I agree that it's more useful for testing.
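
The two testing approaches discussed in this thread, side by side, as an added example that is not part of the thread and not the project's own code. It is written against PostgreSQL, whose SET ROLE and has_table_privilege the comments reference; the role and table names are constructed, and it assumes a superuser session.

```sql
-- PostgreSQL, run as a superuser. Role and table names are constructed for this example.
BEGIN;

CREATE ROLE acl_test_reader NOLOGIN;
CREATE TABLE acl_test_orders (id int PRIMARY KEY, amount numeric);
INSERT INTO acl_test_orders VALUES (1, 9.99);
GRANT SELECT ON acl_test_orders TO acl_test_reader;

-- Check 1: privilege inquiry. Only the recorded grants are consulted;
-- no statement is executed as the role.
DO $$
BEGIN
  ASSERT has_table_privilege('acl_test_reader', 'acl_test_orders', 'SELECT'),
         'SELECT should be granted';
  ASSERT NOT has_table_privilege('acl_test_reader', 'acl_test_orders', 'INSERT'),
         'INSERT should not be granted';
END $$;

-- Check 2: enforcement. Switch to the role in the same session and run
-- real statements, so the permission check in the executor is exercised.
DO $$
DECLARE
  insert_denied boolean := false;
BEGIN
  SET LOCAL ROLE acl_test_reader;
  PERFORM 1 FROM acl_test_orders;          -- must succeed: SELECT was granted
  BEGIN
    INSERT INTO acl_test_orders VALUES (2, 1.00);
  EXCEPTION WHEN insufficient_privilege THEN
    insert_denied := true;                 -- the permission-denied error we expect
  END;
  RESET ROLE;                              -- back to the superuser
  ASSERT insert_denied, 'INSERT as acl_test_reader should be rejected';
END $$;

-- Discard the test role and table.
ROLLBACK;
```

Check 1 passes as long as the grant is recorded correctly, while check 2 fails if enforcement is missing on some code path, which is why the two are complementary in an access-control test suite.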

@neverchanje neverchanje removed this from the release-1.6 milestone Dec 14, 2023
@neverchanje neverchanje added priority/low and removed user-facing-changes Contains changes that are visible to users labels Dec 14, 2023
Contributor

This issue has been open for 60 days with no activity. Could you please update the status? Feel free to continue discussion or close as not planned.
