Re: Fwd: A million users - Mailing list pgsql-general

From Dominique Devienne
Subject Re: Fwd: A million users
Date
Msg-id CAFCRh-9Le3fkJMWGuHdFPP-kfHdEAAchFZf0msEq3hNijixbFw@mail.gmail.com
Whole thread Raw
In response to Re: Fwd: A million users  (Alvaro Herrera <alvherre@alvh.no-ip.org>)
Responses Re: Fwd: A million users
Re: Fwd: A million users
List pgsql-general
On Wed, Nov 13, 2024 at 11:29 AM Alvaro Herrera <alvherre@alvh.no-ip.org> wrote:
> On 2024-Nov-13, Vijaykumar Jain wrote:
> > I tried to grant select permissions to 5000 different roles on one table,
> > It failed with row size too big already at 2443.
>
> But you can grant select to one "reader" role, and grant that one role
> to however many other roles you want.  This way you can have an
> arbitrary number of roles with indirect access to the table.  In
> real-world usage, this is more convenient that granting access to
> individual roles on individual tables; likely, you'll grant access to
> sets of tables/views/functions/etc rather than exactly one, and you can
> manage that more easily if you have one intermediate role to modify than
> if you have to mess with 5000 individual roles.

Hi. Sure, that's a good point, and a best practice IMHO.
But I already do that, and the original question remain,
i.e. how does PostgreSQL with thousands or millions of roles?
In my use case, 1000 LOGIN users, and 10'000 schema related ROLEs,
is possible, with can translate to millions of GRANTs.

It matters to me especially, since I'm using pg_has_role() in RLS predicates,
in addition to using ROLEs for access to schemas as usual (see above).
I'm not in a point to test that myself at this time, but if anyone looked into
how PostgreSQL scales with many roles (O(N)? O(logN)? O(NlogN)?),
I'd be interested in pointers to that research or those benchmarks.

Thanks, --DD



pgsql-general by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: Fwd: A million users
Next
From: Achilleas Mantzios - cloud
Date:
Subject: Re: Fwd: A million users