set_user is an open source PostgreSQL extension that provides controlled privilege escalation with enhanced audit logging. It allows unprivileged users to switch to other roles, including superuser, while ensuring all privilege transitions are logged for audit purposes. EDB packages set_user for EDB Postgres Advanced Server only.
set_user is particularly useful for meeting compliance requirements (such as the CIS PostgreSQL Benchmark requirement to install the set_user extension) that mandate auditable superuser access management. By routing privilege escalation through set_user, direct superuser logins can be disabled while still allowing authorized users to perform administrative tasks.
For more information about set_user, see: