Allow doing ALTER ROLE .. CONNECTION LIMIT on reserved roles

Question

Allow doing ALTER ROLE .. CONNECTION LIMIT on reserved roles

steve-chavez opened this issue 6 months ago · comments

Problem

Currently gives an error:

alter role authenticator connection limit 30;

ERROR:  42501: "authenticator" is a reserved role, only superusers can modify it

This is useful for limiting pool connections.

Solution

Allow it.

Bobbie Soedirgo · Answer 1 · Mon Feb 19 2024 11:01:48 GMT+0800 (China Standard Time)

This needs to be more granular, otherwise you'd be able to alter role supabase_admin connection limit 0

Steve Chavez · Answer 2 · Mon Feb 19 2024 23:39:07 GMT+0800 (China Standard Time)

@soedirgo We have an undocumented (pending fix) feature that allows for configurable reserved roles by suffixing them with *, like authenticator here:

reserved_roles="supabase_storage_admin, anon, reserved_but_not_yet_created, authenticator*"

https://github.com/supabase/supautils/blob/master/nix/withTmpDb.sh.in#L18

That should clear your concern right?

Bobbie Soedirgo · Answer 3 · Thu Feb 22 2024 17:39:41 GMT+0800 (China Standard Time)

Hmm yeah, I think that'd work 👍