Yolinux.com

set_session_authorization manpage

Search topic Section


SET SESSION AUTHORIZATION()	 SQL Commands	   SET SESSION AUTHORIZATION()



NAME
       SET  SESSION  AUTHORIZATION  -  set the session user identifier and the
       current user identifier of the current session


SYNOPSIS
       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
       RESET SESSION AUTHORIZATION


DESCRIPTION
       This command sets the session user  identifier  and  the	 current  user
       identifier of the current SQL session to be username. The user name may
       be written as either an identifier or a string literal. Using this com-
       mand,  it  is  possible, for example, to temporarily become an unprivi-
       leged user and later switch back to being a superuser.

       The session user identifier  is	initially  set	to  be	the  (possibly
       authenticated) user name provided by the client. The current user iden-
       tifier is normally equal to the	session	 user  identifier,  but	 might
       change  temporarily  in	the  context of SECURITY DEFINER functions and
       similar mechanisms; it can also be changed by SET  ROLE	[set_role(7)].
       The current user identifier is relevant for permission checking.

       The  session user identifier may be changed only if the initial session
       user (the authenticated user) had the superuser	privilege.  Otherwise,
       the  command  is	 accepted  only if it specifies the authenticated user
       name.

       The SESSION and LOCAL modifiers act the same as	for  the  regular  SET
       [set(7)] command.

       The  DEFAULT and RESET forms reset the session and current user identi-
       fiers to be the originally authenticated user name. These forms may  be
       executed by any user.

NOTES
       SET  SESSION  AUTHORIZATION  cannot  be	used within a SECURITY DEFINER
       function.

EXAMPLES
       SELECT SESSION_USER, CURRENT_USER;

	session_user | current_user
       --------------+--------------
	peter	     | peter

       SET SESSION AUTHORIZATION 'paul';

       SELECT SESSION_USER, CURRENT_USER;

	session_user | current_user
       --------------+--------------
	paul	     | paul


COMPATIBILITY
       The SQL standard allows some other expressions to appear	 in  place  of
       the  literal username, but these options are not important in practice.
       PostgreSQL allows identifier syntax ("username"), which SQL  does  not.
       SQL  does  not allow this command during a transaction; PostgreSQL does
       not make this restriction because there is no reason to.	  The  SESSION
       and LOCAL modifiers are a PostgreSQL extension, as is the RESET syntax.

       The  privileges	necessary to execute this command are left implementa-
       tion-defined by the standard.

SEE ALSO
       SET ROLE [set_role(7)]



SQL - Language Statements	  2010-12-14	   SET SESSION AUTHORIZATION()