search

supabase / supautils

PostgreSQL extension that secures a cluster on a cloud environment
https://supabase.github.io/supautils
Apache License 2.0
56 stars 12 forks source link

Allow doing ALTER ROLE .. CONNECTION LIMIT on reserved roles #81

Open steve-chavez opened 7 months ago

steve-chavez commented 7 months ago

Problem

Currently gives an error:

alter role authenticator connection limit 30;

ERROR:  42501: "authenticator" is a reserved role, only superusers can modify it

This is useful for limiting pool connections.

Solution

Allow it.

soedirgo commented 7 months ago

This needs to be more granular, otherwise you'd be able to alter role supabase_admin connection limit 0

steve-chavez commented 7 months ago

@soedirgo We have an undocumented (pending fix) feature that allows for configurable reserved roles by suffixing them with *, like authenticator here:

reserved_roles="supabase_storage_admin, anon, reserved_but_not_yet_created, authenticator*"

https://github.com/supabase/supautils/blob/master/nix/withTmpDb.sh.in#L18

That should clear your concern right?

soedirgo commented 6 months ago

Hmm yeah, I think that'd work 👍