pgwire/hba: enable filtering logins by role, not just username #51596
Labels
A-authentication
Pertains to authn subsystems
A-security
A-sql-pgwire
pgwire protocol issues.
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
T-sql-foundations
SQL Foundations Team (formerly SQL Schema + SQL Sessions)
Projects
This is one of the requirements for #51453: we want to support a constraint on the role(s) of a user in the "username" constraint column of the HBA config, like postgres does.
The idea is that if the HBA rule says
then any login attempt by a user in the role
admin
should be rejected by this rule.There are two foreseen uses for this:
admin
, just a subset) to launch backups.admin
account to log in.Jira issue: CRDB-4028
The text was updated successfully, but these errors were encountered: