Re: Web users as database users? - Mailing list pgsql-general

From Tom Lane
Subject Re: Web users as database users?
Date
Msg-id 16391.1568989132@sss.pgh.pa.us
Whole thread Raw
In response to Re: Web users as database users?  (Rob Sargent <robjsargent@gmail.com>)
Responses Re: Web users as database users?
List pgsql-general
Rob Sargent <robjsargent@gmail.com> writes:
>> On Sep 20, 2019, at 6:15 AM, Tim Clarke <tim.clarke@minerva.info> wrote:
> On 20/09/2019 12:50, David Gallagher wrote:
>>> ... would it make sense to have a user account on the database
>>> to mirror the user account from the web app? Is that an unusual practice?

>> Not at all, we're doing it

> But you likely want a many-to-one mapping of actual user to permission group

Yeah.  You're likely to end up with a *lot* of user accounts in this
scenario.  There is a restriction on how many distinct GRANTs you can
issue against any one object --- performance will get bad if the ACL
list gets too large.  However, you can add lots of users to any group
role.  So put the users into appropriate group(s) and issue database
permissions on the group level.

            regards, tom lane



pgsql-general by date:

Previous
From: Rob Sargent
Date:
Subject: Re: Web users as database users?
Next
From: "Bhardwaj, SONAM- SONAM R"
Date:
Subject: pg_auto_failover