quarkusio / registry.quarkus.io

Quarkus Extension Registry application
https://registry.quarkus.io
Apache License 2.0

Secure the database with separate users for admin and query operations #2

Open gastaldi opened 3 years ago

gastaldi commented 3 years ago

Query operations should be performed by a user that has little privilege on the database.

Admin operations should happen only on authenticated and authorized requests.

gastaldi commented 3 years ago

Implementation idea: Create an @ApplicationScoped bean implementing io.agroal.api.AgroalPoolInterceptor. This will listen for connections coming out of and going back into the pool.

Then perform a SET SESSION AUTHORIZATION 'user' on the interceptor.

Link: https://www.postgresql.org/docs/current/sql-set-session-authorization.html
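A sketch of that interceptor, added here as an example and not code from the registry project: it switches every borrowed connection to a low-privilege role before the application sees it and restores the pool's own identity when the connection is returned. The package name, the role name `registry_query` and the `jakarta` namespace (Quarkus 3; `javax` on Quarkus 2) are assumptions.

```java
package io.quarkus.registry.app.db; // hypothetical package

import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;

import jakarta.enterprise.context.ApplicationScoped;

import io.agroal.api.AgroalPoolInterceptor;

/**
 * Pool interceptor that downgrades each acquired connection to a
 * low-privilege role and resets it on return. Quarkus registers
 * @ApplicationScoped beans implementing AgroalPoolInterceptor itself.
 */
@ApplicationScoped
public class QueryRoleInterceptor implements AgroalPoolInterceptor {

    // Assumed role: granted only SELECT on the registry tables, nothing else.
    private static final String QUERY_ROLE = "registry_query";

    @Override
    public void onConnectionAcquire(Connection connection) {
        // Runs before the connection is handed to the caller, so all
        // application queries execute under the restricted role by default.
        execute(connection, "SET SESSION AUTHORIZATION " + quoteIdentifier(QUERY_ROLE));
    }

    @Override
    public void onConnectionReturn(Connection connection) {
        // Put the pool user's identity back so the next borrower starts clean.
        execute(connection, "RESET SESSION AUTHORIZATION");
    }

    private static void execute(Connection connection, String sql) {
        try (Statement statement = connection.createStatement()) {
            statement.execute(sql);
        } catch (SQLException e) {
            // Fail closed: surface the error instead of silently using a
            // connection whose privileges were not changed.
            throw new IllegalStateException("Failed to run '" + sql + "' on pooled connection", e);
        }
    }

    // The role name is a compile-time constant, never request input; quoting
    // it as an identifier keeps mixed-case or reserved names correct.
    private static String quoteIdentifier(String identifier) {
        return "\"" + identifier.replace("\"", "\"\"") + "\"";
    }
}
```

SET SESSION AUTHORIZATION is only permitted when the pool's authenticated user is a superuser; with a less-privileged pool user, SET ROLE to a role it is a member of gives the same switch. Either statement can be undone by RESET within the same session, so this narrows what application queries do by default but is not a substitute for the separate credentials the issue proposes for the admin path.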