rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/doc/src/sgml/ref/set_session_auth.sgml

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

131 lines
3.9 KiB
Plaintext
Raw Normal View History

doc: make ref/*.sgml file header comment layout consistent
2020-05-15 14:52:24 +02:00
<!--
doc/src/sgml/ref/set_session_auth.sgml
PostgreSQL documentation
-->
Convert SGML IDs to lower case IDs in SGML are case insensitive, and we have accumulated a mix of upper and lower case IDs, including different variants of the same ID. In XML, these will be case sensitive, so we need to fix up those differences. Going to all lower case seems most straightforward, and the current build process already makes all anchors and lower case anyway during the SGML->XML conversion, so this doesn't create any difference in the output right now. A future XML-only build process would, however, maintain any mixed case ID spellings in the output, so that is another reason to clean this up beforehand. Author: Alexander Lakhin <exclusion@gmail.com>
2017-10-20 03:16:39 +02:00
<refentry id="sql-set-session-authorization">
doc: Improve DocBook XML validity DocBook XML is superficially compatible with DocBook SGML but has a slightly stricter DTD that we have been violating in a few cases. Although XSLT doesn't care whether the document is valid, the style sheets don't necessarily process invalid documents correctly, so we need to work toward fixing this. This first commit moves the indexterms in refentry elements to an allowed position. It has no impact on the output.
2014-02-24 03:25:35 +01:00
<indexterm zone="sql-set-session-authorization">
<primary>SET SESSION AUTHORIZATION</primary>
</indexterm>
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
<refmeta>
Remove unnecessary xref endterm attributes and title ids The endterm attribute is mainly useful when the toolchain does not support automatic link target text generation for a particular situation. In the past, this was required by the man page tools for all reference page links, but that is no longer the case, and it now actually gets in the way of proper automatic link text generation. The only remaining use cases are currently xrefs to refsects.
2010-04-03 09:23:02 +02:00
<refentrytitle>SET SESSION AUTHORIZATION</refentrytitle>
Set SQL man pages to be section 7 by default, and only transform them to another section if required by the platform (instead of the old way of building them in section "l" and always transforming them to the platform-specific section). This speeds up the installation on common platforms, and it avoids some funny business with the man page tools and build process.
2008-11-14 11:22:48 +01:00
<manvolnum>7</manvolnum>
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
<refmiscinfo>SQL - Language Statements</refmiscinfo>
</refmeta>
<refnamediv>
<refname>SET SESSION AUTHORIZATION</refname>
Initial round of tweakage for man pages
2001-11-18 21:35:02 +01:00
<refpurpose>set the session user identifier and the current user identifier of the current session</refpurpose>
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
</refnamediv>
<refsynopsisdiv>
<synopsis>
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION <replaceable class="parameter">user_name</replaceable>
Merge the last few variable.c configuration variables into the generic GUC support. It's now possible to set datestyle, timezone, and client_encoding from postgresql.conf and per-database or per-user settings. Also, implement rollback of SET commands that occur in a transaction that later fails. Create a SET LOCAL var = value syntax that sets the variable only for the duration of the current transaction. All per previous discussions in pghackers.
2002-05-17 03:19:19 +02:00
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
Accept SET SESSION AUTHORIZATION DEFAULT and RESET SESSION AUTHORIZATION to reset session userid to the originally-authenticated name. Also, relax SET SESSION AUTHORIZATION to allow specifying one's own username even if one is not superuser, so as to avoid unnecessary error messages when loading a pg_dump file that uses this command. Per discussion from several months ago.
2002-05-06 21:47:30 +02:00
RESET SESSION AUTHORIZATION
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
</synopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>
This command sets the session user identifier and the current user
Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, and CLUSTER) execute as the table owner rather than the calling user, using the same privilege-switching mechanism already used for SECURITY DEFINER functions. The purpose of this change is to ensure that user-defined functions used in index definitions cannot acquire the privileges of a superuser account that is performing routine maintenance. While a function used in an index is supposed to be IMMUTABLE and thus not able to do anything very interesting, there are several easy ways around that restriction; and even if we could plug them all, there would remain a risk of reading sensitive information and broadcasting it through a covert channel such as CPU usage. To prevent bypassing this security measure, execution of SET SESSION AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context. Thanks to Itagaki Takahiro for reporting this vulnerability. Security: CVE-2007-6600
2008-01-03 22:23:15 +01:00
identifier of the current SQL session to be <replaceable
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
class="parameter">user_name</replaceable>. The user name can be
Last round of reference page editing.
2003-05-04 04:23:16 +02:00
written as either an identifier or a string literal. Using this
command, it is possible, for example, to temporarily become an
Add SET ROLE. This is a partial commit of Stephen Frost's recent patch; I'm still working on the has_role function and information_schema changes.
2005-07-26 00:12:34 +02:00
unprivileged user and later switch back to being a superuser.
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
</para>
<para>
The session user identifier is initially set to be the (possibly
authenticated) user name provided by the client. The current user
identifier is normally equal to the session user identifier, but
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
might change temporarily in the context of <literal>SECURITY DEFINER</literal>
Add SET ROLE. This is a partial commit of Stephen Frost's recent patch; I'm still working on the has_role function and information_schema changes.
2005-07-26 00:12:34 +02:00
functions and similar mechanisms; it can also be changed by
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
<xref linkend="sql-set-role"/>.
Add SET ROLE. This is a partial commit of Stephen Frost's recent patch; I'm still working on the has_role function and information_schema changes.
2005-07-26 00:12:34 +02:00
The current user identifier is relevant for permission checking.
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
</para>
<para>
Update reference documentation on may/can/might: Standard English uses "may", "can", and "might" in different ways: may - permission, "You may borrow my rake." can - ability, "I can lift that log." might - possibility, "It might rain today." Unfortunately, in conversational English, their use is often mixed, as in, "You may use this variable to do X", when in fact, "can" is a better choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 00:26:05 +01:00
The session user identifier can be changed only if the initial session
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
user (the <firstterm>authenticated user</firstterm>) had the
Accept SET SESSION AUTHORIZATION DEFAULT and RESET SESSION AUTHORIZATION to reset session userid to the originally-authenticated name. Also, relax SET SESSION AUTHORIZATION to allow specifying one's own username even if one is not superuser, so as to avoid unnecessary error messages when loading a pg_dump file that uses this command. Per discussion from several months ago.
2002-05-06 21:47:30 +02:00
superuser privilege. Otherwise, the command is accepted only if it
Add more appropriate markup.
2002-09-21 20:32:54 +02:00
specifies the authenticated user name.
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
</para>
Accept SET SESSION AUTHORIZATION DEFAULT and RESET SESSION AUTHORIZATION to reset session userid to the originally-authenticated name. Also, relax SET SESSION AUTHORIZATION to allow specifying one's own username even if one is not superuser, so as to avoid unnecessary error messages when loading a pg_dump file that uses this command. Per discussion from several months ago.
2002-05-06 21:47:30 +02:00
Merge the last few variable.c configuration variables into the generic GUC support. It's now possible to set datestyle, timezone, and client_encoding from postgresql.conf and per-database or per-user settings. Also, implement rollback of SET commands that occur in a transaction that later fails. Create a SET LOCAL var = value syntax that sets the variable only for the duration of the current transaction. All per previous discussions in pghackers.
2002-05-17 03:19:19 +02:00
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
The <literal>SESSION</literal> and <literal>LOCAL</literal> modifiers act the same
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
as for the regular <xref linkend="sql-set"/>
Merge the last few variable.c configuration variables into the generic GUC support. It's now possible to set datestyle, timezone, and client_encoding from postgresql.conf and per-database or per-user settings. Also, implement rollback of SET commands that occur in a transaction that later fails. Create a SET LOCAL var = value syntax that sets the variable only for the duration of the current transaction. All per previous discussions in pghackers.
2002-05-17 03:19:19 +02:00
command.
</para>
Accept SET SESSION AUTHORIZATION DEFAULT and RESET SESSION AUTHORIZATION to reset session userid to the originally-authenticated name. Also, relax SET SESSION AUTHORIZATION to allow specifying one's own username even if one is not superuser, so as to avoid unnecessary error messages when loading a pg_dump file that uses this command. Per discussion from several months ago.
2002-05-06 21:47:30 +02:00
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
The <literal>DEFAULT</literal> and <literal>RESET</literal> forms reset the session
Accept SET SESSION AUTHORIZATION DEFAULT and RESET SESSION AUTHORIZATION to reset session userid to the originally-authenticated name. Also, relax SET SESSION AUTHORIZATION to allow specifying one's own username even if one is not superuser, so as to avoid unnecessary error messages when loading a pg_dump file that uses this command. Per discussion from several months ago.
2002-05-06 21:47:30 +02:00
and current user identifiers to be the originally authenticated user
Update reference documentation on may/can/might: Standard English uses "may", "can", and "might" in different ways: may - permission, "You may borrow my rake." can - ability, "I can lift that log." might - possibility, "It might rain today." Unfortunately, in conversational English, their use is often mixed, as in, "You may use this variable to do X", when in fact, "can" is a better choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 00:26:05 +01:00
name. These forms can be executed by any user.
Accept SET SESSION AUTHORIZATION DEFAULT and RESET SESSION AUTHORIZATION to reset session userid to the originally-authenticated name. Also, relax SET SESSION AUTHORIZATION to allow specifying one's own username even if one is not superuser, so as to avoid unnecessary error messages when loading a pg_dump file that uses this command. Per discussion from several months ago.
2002-05-06 21:47:30 +02:00
</para>
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
</refsect1>
Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, and CLUSTER) execute as the table owner rather than the calling user, using the same privilege-switching mechanism already used for SECURITY DEFINER functions. The purpose of this change is to ensure that user-defined functions used in index definitions cannot acquire the privileges of a superuser account that is performing routine maintenance. While a function used in an index is supposed to be IMMUTABLE and thus not able to do anything very interesting, there are several easy ways around that restriction; and even if we could plug them all, there would remain a risk of reading sensitive information and broadcasting it through a covert channel such as CPU usage. To prevent bypassing this security measure, execution of SET SESSION AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context. Thanks to Itagaki Takahiro for reporting this vulnerability. Security: CVE-2007-6600
2008-01-03 22:23:15 +01:00
<refsect1>
<title>Notes</title>
<para>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<command>SET SESSION AUTHORIZATION</command> cannot be used within a
<literal>SECURITY DEFINER</literal> function.
Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, and CLUSTER) execute as the table owner rather than the calling user, using the same privilege-switching mechanism already used for SECURITY DEFINER functions. The purpose of this change is to ensure that user-defined functions used in index definitions cannot acquire the privileges of a superuser account that is performing routine maintenance. While a function used in an index is supposed to be IMMUTABLE and thus not able to do anything very interesting, there are several easy ways around that restriction; and even if we could plug them all, there would remain a risk of reading sensitive information and broadcasting it through a covert channel such as CPU usage. To prevent bypassing this security measure, execution of SET SESSION AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context. Thanks to Itagaki Takahiro for reporting this vulnerability. Security: CVE-2007-6600
2008-01-03 22:23:15 +01:00
</para>
</refsect1>
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
<refsect1>
<title>Examples</title>
This patch makes the following changes to the documentation: - more work from the SGML police - some grammar improvements: rewriting a paragraph or two, replacing contractions where (IMHO) appropriate - fix missing utility commands in lock mode docs - improve CLUSTER, REINDEX, SET SESSION AUTHORIZATION ref pages Neil Conway
2003-02-19 05:06:28 +01:00
<programlisting>
SELECT SESSION_USER, CURRENT_USER;
session_user | current_user
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
--------------+--------------
peter | peter
This patch makes the following changes to the documentation: - more work from the SGML police - some grammar improvements: rewriting a paragraph or two, replacing contractions where (IMHO) appropriate - fix missing utility commands in lock mode docs - improve CLUSTER, REINDEX, SET SESSION AUTHORIZATION ref pages Neil Conway
2003-02-19 05:06:28 +01:00
SET SESSION AUTHORIZATION 'paul';
SELECT SESSION_USER, CURRENT_USER;
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
This patch makes the following changes to the documentation: - more work from the SGML police - some grammar improvements: rewriting a paragraph or two, replacing contractions where (IMHO) appropriate - fix missing utility commands in lock mode docs - improve CLUSTER, REINDEX, SET SESSION AUTHORIZATION ref pages Neil Conway
2003-02-19 05:06:28 +01:00
session_user | current_user
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
--------------+--------------
paul | paul
This patch makes the following changes to the documentation: - more work from the SGML police - some grammar improvements: rewriting a paragraph or two, replacing contractions where (IMHO) appropriate - fix missing utility commands in lock mode docs - improve CLUSTER, REINDEX, SET SESSION AUTHORIZATION ref pages Neil Conway
2003-02-19 05:06:28 +01:00
</programlisting>
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
</refsect1>
<refsect1>
<title>Compatibility</title>
<para>
Last round of reference page editing.
2003-05-04 04:23:16 +02:00
The SQL standard allows some other expressions to appear in place
Make the placeholder naming in the synopses of the SQL help more consistent
2009-09-19 12:23:27 +02:00
of the literal <replaceable>user_name</replaceable>, but these options
Basic documentation for ROLEs. The user-manag chapter still needs to be rewritten, but at least the reference pages are reasonably sane.
2005-07-27 01:24:02 +02:00
are not important in practice. <productname>PostgreSQL</productname>
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
allows identifier syntax (<literal>"<replaceable>username</replaceable>"</literal>), which SQL
Last round of reference page editing.
2003-05-04 04:23:16 +02:00
does not. SQL does not allow this command during a transaction;
This patch fixes a few missed GUC variables that were still upper case, makes a few more small improvements to runtime.sgml, and makes some SGML conventions more consistent. Neil Conway
2003-09-11 23:42:20 +02:00
<productname>PostgreSQL</productname> does not make this
Add SET ROLE. This is a partial commit of Stephen Frost's recent patch; I'm still working on the has_role function and information_schema changes.
2005-07-26 00:12:34 +02:00
restriction because there is no reason to.
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
The <literal>SESSION</literal> and <literal>LOCAL</literal> modifiers are a
Add SET ROLE. This is a partial commit of Stephen Frost's recent patch; I'm still working on the has_role function and information_schema changes.
2005-07-26 00:12:34 +02:00
<productname>PostgreSQL</productname> extension, as is the
Don't use SGML empty tags For DocBook XML compatibility, don't use SGML empty tags (</>) anymore, replace by the full tag name. Add a warning option to catch future occurrences. Alexander Lakhin, Jürgen Purtz
2017-10-09 03:44:17 +02:00
<literal>RESET</literal> syntax.
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
</para>
Add SET ROLE. This is a partial commit of Stephen Frost's recent patch; I'm still working on the has_role function and information_schema changes.
2005-07-26 00:12:34 +02:00
<para>
The privileges necessary to execute this command are left
implementation-defined by the standard.
</para>
</refsect1>
<refsect1>
<title>See Also</title>
<simplelist type="inline">
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz
2017-11-23 15:39:47 +01:00
<member><xref linkend="sql-set-role"/></member>
Add SET ROLE. This is a partial commit of Stephen Frost's recent patch; I'm still working on the has_role function and information_schema changes.
2005-07-26 00:12:34 +02:00
</simplelist>
Add SET SESSION AUTHORIZATION command.
2001-05-08 23:06:43 +02:00
</refsect1>
</refentry>