[pgpool-general: 5822] RBAC in RDBMS and pgpool, a probable solution
Joost Helberg
pgpool at helberg.nl
Fri Nov 24 23:03:28 JST 2017
Hi pgpool users/developers,
When I advice people to use RBAC in the RDBMS, they always reply
with: "you can't pool connections then, so this doesn't scale".
But GPDR and common sense, together with great access-features
of PostgreSQL (e.g. RLS), dictate the use of roles for
compliance. It may even be the best option in case changing
application-code to do better RBAC is too cumbersome. It's too
risky anyway.
My plan is to investigate the use of roles in pgpool where
applications connect using personal roles and pgpool
multiplexes this onto one or more superuser-connections with
additional "set role" statements prepending each statement.
For authentication, one or more seperate authentication
connections to the RDBMS can be utilised by pgpool.
Does this make any sense? Am I missing the point? Has this been
done before, did it fail for obvious reasons?
many thanks in advance!
Joost Helberg
--
Cistus
More information about the pgpool-general
mailing list