2002-09-21 20:32:54 +02:00
|
|
|
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/ref/set_session_auth.sgml,v 1.7 2002/09/21 18:32:54 petere Exp $ -->
|
2001-05-08 23:06:43 +02:00
|
|
|
<refentry id="SQL-SET-SESSION-AUTHORIZATION">
|
|
|
|
<docinfo>
|
|
|
|
<date>2001-04-21</date>
|
|
|
|
</docinfo>
|
|
|
|
|
|
|
|
<refmeta>
|
2001-11-18 21:35:02 +01:00
|
|
|
<refentrytitle id="sql-set-session-authorization-title">SET SESSION AUTHORIZATION</refentrytitle>
|
2001-05-08 23:06:43 +02:00
|
|
|
<refmiscinfo>SQL - Language Statements</refmiscinfo>
|
|
|
|
</refmeta>
|
|
|
|
|
|
|
|
<refnamediv>
|
|
|
|
<refname>SET SESSION AUTHORIZATION</refname>
|
2001-11-18 21:35:02 +01:00
|
|
|
<refpurpose>set the session user identifier and the current user identifier of the current session</refpurpose>
|
2001-05-08 23:06:43 +02:00
|
|
|
</refnamediv>
|
|
|
|
|
|
|
|
<refsynopsisdiv>
|
|
|
|
<synopsis>
|
2002-05-17 03:19:19 +02:00
|
|
|
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION <parameter>username</parameter>
|
|
|
|
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
|
2002-05-06 21:47:30 +02:00
|
|
|
RESET SESSION AUTHORIZATION
|
2001-05-08 23:06:43 +02:00
|
|
|
</synopsis>
|
|
|
|
</refsynopsisdiv>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Description</title>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
This command sets the session user identifier and the current user
|
2002-01-20 23:19:57 +01:00
|
|
|
identifier of the current SQL-session context to be
|
2002-05-06 21:47:30 +02:00
|
|
|
<parameter>username</parameter>. The user name may be written as
|
|
|
|
either an identifier or a string literal.
|
|
|
|
The session user identifier is valid for the duration of a
|
|
|
|
connection; for example, it is possible to temporarily become an
|
|
|
|
unprivileged user and later switch back to become a superuser.
|
2001-05-08 23:06:43 +02:00
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
The session user identifier is initially set to be the (possibly
|
|
|
|
authenticated) user name provided by the client. The current user
|
|
|
|
identifier is normally equal to the session user identifier, but
|
|
|
|
may change temporarily in the context of <quote>setuid</quote>
|
2002-01-20 23:19:57 +01:00
|
|
|
functions and similar mechanisms. The current user identifier is
|
2001-05-08 23:06:43 +02:00
|
|
|
relevant for permission checking.
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
2002-05-06 21:47:30 +02:00
|
|
|
The session user identifier may be changed only if the initial session
|
2001-05-08 23:06:43 +02:00
|
|
|
user (the <firstterm>authenticated user</firstterm>) had the
|
2002-05-06 21:47:30 +02:00
|
|
|
superuser privilege. Otherwise, the command is accepted only if it
|
2002-09-21 20:32:54 +02:00
|
|
|
specifies the authenticated user name.
|
2001-05-08 23:06:43 +02:00
|
|
|
</para>
|
2002-05-06 21:47:30 +02:00
|
|
|
|
2002-05-17 03:19:19 +02:00
|
|
|
<para>
|
|
|
|
The <option>SESSION</> and <option>LOCAL</> modifiers act the same
|
|
|
|
as for the regular <xref linkend="SQL-SET" endterm="SQL-SET-title">
|
|
|
|
command.
|
|
|
|
</para>
|
|
|
|
|
2002-05-06 21:47:30 +02:00
|
|
|
<para>
|
|
|
|
The <literal>DEFAULT</> and <literal>RESET</> forms reset the session
|
|
|
|
and current user identifiers to be the originally authenticated user
|
|
|
|
name. These forms are always accepted.
|
|
|
|
</para>
|
|
|
|
|
2001-05-08 23:06:43 +02:00
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Examples</title>
|
|
|
|
|
|
|
|
<screen>
|
|
|
|
<userinput>SELECT SESSION_USER, CURRENT_USER;</userinput>
|
|
|
|
current_user | session_user
|
|
|
|
--------------+--------------
|
|
|
|
peter | peter
|
|
|
|
|
|
|
|
<userinput>SET SESSION AUTHORIZATION 'paul';</userinput>
|
|
|
|
|
|
|
|
<userinput>SELECT SESSION_USER, CURRENT_USER;</userinput>
|
|
|
|
current_user | session_user
|
|
|
|
--------------+--------------
|
|
|
|
paul | paul
|
|
|
|
</screen>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Compatibility</title>
|
|
|
|
|
|
|
|
<simpara>SQL99</simpara>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
SQL99 allows some other expressions to appear in place of the
|
|
|
|
literal <parameter>username</parameter> which are not important in
|
|
|
|
practice. <application>PostgreSQL</application> allows identifier
|
|
|
|
syntax (<literal>"username"</literal>), which SQL does not. SQL
|
|
|
|
does not allow this command during a transaction;
|
|
|
|
<application>PostgreSQL</application> does not make
|
|
|
|
this restriction because there is no reason to. The
|
|
|
|
privileges necessary to execute this command are left
|
|
|
|
implementation-defined by the standard.
|
|
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
</refentry>
|
|
|
|
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
|
|
Local variables:
|
|
|
|
mode:sgml
|
|
|
|
sgml-omittag:nil
|
|
|
|
sgml-shorttag:t
|
|
|
|
sgml-minimize-attributes:nil
|
|
|
|
sgml-always-quote-attributes:t
|
|
|
|
sgml-indent-step:1
|
|
|
|
sgml-indent-data:t
|
|
|
|
sgml-parent-document:nil
|
|
|
|
sgml-default-dtd-file:"../reference.ced"
|
|
|
|
sgml-exposed-tags:nil
|
|
|
|
sgml-local-catalogs:("/usr/lib/sgml/catalog")
|
|
|
|
sgml-local-ecat-files:nil
|
|
|
|
End:
|
|
|
|
-->
|