---I trained a project under bigmath user

bigmath=# select * from pg_ml.projects;
id | name | task | created_at | updated_at
----+-----------------+----------------+----------------------------+----------------------------
1 | Iris Classifier | classification | 2023-12-27 11:06:23.137026 | 2023-12-27 11:06:23.137045
(1 row)

--- then i change user to postgres

set role postgres;
select CURRENT_USER;

current_user

postgres
(1 row)

--- but i also can train bigmath's project ;

SELECT
target,
pg_ml.predict('Iris Classifier', array[sepal_length,sepal_width,petal_length,petal_width])
FROM iris_view;
Time: 24.520 ms

--- Is such permission allowed? Does it satisfy the principle of least privilege? Hope to get the answer, thank you

This is a feature set we could potentially support if you have some more examples on desired use cases. You can configure row level security permissions, but these are not (automatically) integrated into the model management lifecycle, so you may want some training wrappers to appropriately set permissions.

At a higher level, we're prioritizing features like multi user security permission management in the enterprise cloud, where we can deal with complex configurations for resource and data access control in a more integrated manner, with a web UX, while we leave the open source extension more open and easy to use, but PRs are always welcome.

thanks a lot about your answer.