I've got a user with CREATEUSER privs. I've not granted that user and DB
specific privs but it can do what it will with non-public schemas... Is
there a user that can do SET SESSION AUTHORIZATION but does not have privs
otherwise?
Basically I want a login user that can then set session auth... to any other
user but otherwise has no privs. (Having createuser is acceptable.) I'm
looking into a way to give connection pooled access to a web site
(connections must have the same user/pw info to be pooled) but to then
enforce DB-level security. I do not want the account that the web container
uses to access the db to have any db-level privs.
(I.e., rather than the Unix "root" account, something more like VMS (now
Windows NT) user privs. VMS users had a "set priv" privilege which, of
course, could indirectly give the holder of that priv any other priv. But
only indirectly. It has some benefits.)
Thanks,
== Ezra Epstien
