On Tue, May 31, 2016 at 10:20 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
CN <cnliou9@fastmail.fm> writes: > If command "SET SESSION AUTHORIZATION" is enhanced to accept two > additional arguments > PASSWORD <password> > , then a client simply establishes only one connection to server and do > jobs for a million roles.
* Any session-level settings specified for the new role with ALTER USER SET don't get adopted. While you could imagine that specific applications might be okay with these things, they're pretty fatal for a general-purpose connection pooler; the first two in particular would be unacceptable security holes.
Is there a reason something "SET ROLE ... WITH SETTINGS" couldn't be implemented?