Update reference documentation on may/can/might:
Standard English uses "may", "can", and "might" in different ways:
may - permission, "You may borrow my rake."
can - ability, "I can lift that log."
might - possibility, "It might rain today."
Unfortunately, in conversational English, their use is often mixed, as
in, "You may use this variable to do X", when in fact, "can" is a better
choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 00:26:05 +01:00

<!-- $PostgreSQL: pgsql/doc/src/sgml/ref/set_session_auth.sgml,v 1.16 2007/01/31 23:26:04 momjian Exp $ -->

<refentry id="SQL-SET-SESSION-AUTHORIZATION">
<refmeta>
<refentrytitle id="sql-set-session-authorization-title">SET SESSION AUTHORIZATION</refentrytitle>
<refmiscinfo>SQL - Language Statements</refmiscinfo>
</refmeta>

<refnamediv>
<refname>SET SESSION AUTHORIZATION</refname>
<refpurpose>set the session user identifier and the current user identifier of the current session</refpurpose>
</refnamediv>

<indexterm zone="sql-set-session-authorization">
<primary>SET SESSION AUTHORIZATION</primary>
</indexterm>

<refsynopsisdiv>
<synopsis>
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION <replaceable class="parameter">username</replaceable>
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
RESET SESSION AUTHORIZATION
</synopsis>
</refsynopsisdiv>

<refsect1>
<title>Description</title>

<para>
This command sets the session user identifier and the current user
identifier of the current SQL-session context to be <replaceable
class="parameter">username</replaceable>. The user name can be
written as either an identifier or a string literal. Using this
command, it is possible, for example, to temporarily become an
unprivileged user and later switch back to being a superuser.
</para>

<para>
The session user identifier is initially set to be the (possibly
authenticated) user name provided by the client. The current user
identifier is normally equal to the session user identifier, but
might change temporarily in the context of <quote>setuid</quote>
functions and similar mechanisms; it can also be changed by
<xref linkend="sql-set-role" endterm="sql-set-role-title">.
The current user identifier is relevant for permission checking.
</para>

<para>
The session user identifier can be changed only if the initial session
user (the <firstterm>authenticated user</firstterm>) had the
superuser privilege. Otherwise, the command is accepted only if it
specifies the authenticated user name.
</para>

<para>
The <literal>SESSION</> and <literal>LOCAL</> modifiers act the same
as for the regular <xref linkend="SQL-SET" endterm="SQL-SET-title">
command.
</para>

<para>
The <literal>DEFAULT</> and <literal>RESET</> forms reset the session
and current user identifiers to be the originally authenticated user
name. These forms can be executed by any user.
</para>
</refsect1>

<refsect1>
<title>Examples</title>

<programlisting>
SELECT SESSION_USER, CURRENT_USER;

 session_user | current_user
--------------+--------------
 peter        | peter

SET SESSION AUTHORIZATION 'paul';

SELECT SESSION_USER, CURRENT_USER;

 session_user | current_user
--------------+--------------
 paul         | paul
</programlisting>
</refsect1>

<refsect1>
<title>Compatibility</title>

<para>
The SQL standard allows some other expressions to appear in place
of the literal <replaceable>username</replaceable>, but these options
are not important in practice. <productname>PostgreSQL</productname>
allows identifier syntax (<literal>"username"</literal>), which SQL
does not. SQL does not allow this command during a transaction;
<productname>PostgreSQL</productname> does not make this
restriction because there is no reason to.
The <literal>SESSION</> and <literal>LOCAL</> modifiers are a
<productname>PostgreSQL</productname> extension, as is the
<literal>RESET</> syntax.
</para>

<para>
The privileges necessary to execute this command are left
implementation-defined by the standard.
</para>
</refsect1>

<refsect1>
<title>See Also</title>

<simplelist type="inline">
<member><xref linkend="sql-set-role" endterm="sql-set-role-title"></member>
</simplelist>
</refsect1>
</refentry>
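
The permission rules from the Description section, exercised in one script. This is an added example, not part of the PostgreSQL reference page; it reuses the page's role names and assumes peter authenticated as a superuser and paul is an existing unprivileged role.

```sql
-- Assumed setup (not from the page): peter is a superuser and opened the
-- first session; paul exists and has no special privileges.

-- ---- Session 1: authenticated as peter (superuser) ----

-- Changes both the session user and the current user to paul, so
-- permission checks on the following statements are made as paul.
SET SESSION AUTHORIZATION 'paul';
SELECT SESSION_USER, CURRENT_USER;

-- The authenticated user is still peter. RESET (and DEFAULT) can be run
-- by any user, so any statement executed in this session can undo the
-- switch and regain peter's privileges.
RESET SESSION AUTHORIZATION;
SELECT SESSION_USER, CURRENT_USER;

-- Contrast with SET ROLE: only the current user identifier changes,
-- the session user identifier stays peter.
SET ROLE paul;
SELECT SESSION_USER, CURRENT_USER;
RESET ROLE;

-- LOCAL behaves as for the regular SET command: the switch lasts only
-- until the end of the enclosing transaction.
BEGIN;
SET LOCAL SESSION AUTHORIZATION 'paul';
SELECT SESSION_USER, CURRENT_USER;
COMMIT;
SELECT SESSION_USER, CURRENT_USER;

-- ---- Session 2: authenticated as paul (not a superuser) ----

-- Accepted: the statement names the authenticated user itself.
SET SESSION AUTHORIZATION 'paul';

-- Rejected with a permission error: the authenticated user is not a
-- superuser and the statement names a different user.
SET SESSION AUTHORIZATION 'peter';
```

Because the reset forms are open to any user, switching to paul narrows permission checks for statements you choose to run, but it does not confine SQL you do not control within the same session.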