From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Antonios Christofides <anthony(at)itia(dot)ntua(dot)gr> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Cascade delete triggers change user credentials |
Date: | 2004-02-17 14:57:45 |
Message-ID: | 10290.1077029865@sss.pgh.pa.us |
Lists: | pgsql-general |
Antonios Christofides <anthony(at)itia(dot)ntua(dot)gr> writes:

> In PostgreSQL there are actually up to THREE users active, not two:
> - The user who connected, which I shall call "connected user".
> - The user who became effective as the result of "alter session
>   authorization" command. This is the user returned by session_user.
> - The user who is applicable for permission checking, current_user.
>
> If you try to "alter session authorization", PostgreSQL uses the
> "connected user" to determine whether you have permission to do so (or,
> at least, remembers that you initially connected as superuser). The
> current user is used in most other cases of permission checking.

[ looks at code... ] It does remember the original userid (which is
called AuthenticatedUser in the code), but AFAICT the only thing that
is actually used is knowledge of whether that userid is a superuser.

> The 7.4 manual, however, says that the session_user "is the user that
> initiated a database connection", and fails to mention "alter session
> authorization". Is the manual in error or the implementation?

The manual could stand improvement, evidently. I think this stuff is
correctly described in the vicinity of SET SESSION AUTHORIZATION, but
the status-function documentation sounds like it needs work. Feel free
to send in a docs patch ...

regards, tom lane
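
The three identities discussed in this message, as an added example that is not part of the original e-mail or of the PostgreSQL sources: a session run while connected as a superuser. The role names `demo_owner` and `demo_caller` and the function `demo_effective_user()` are constructed for illustration, and SECURITY DEFINER is used here as one way to make current_user differ from session_user.

```sql
-- Run while connected as a superuser; that login is the authenticated user.
-- Role and function names below are constructed for this example.
CREATE USER demo_owner;
CREATE USER demo_caller;

-- A SECURITY DEFINER function executes with its owner's identity, so
-- current_user inside it is the owner rather than the caller.
CREATE FUNCTION demo_effective_user() RETURNS name AS
  'SELECT current_user'
  LANGUAGE sql SECURITY DEFINER;
ALTER FUNCTION demo_effective_user() OWNER TO demo_owner;

-- Baseline: both status functions report the authenticated superuser.
SELECT session_user, current_user;

-- Switch the session identity. session_user reports the role set here,
-- not the role that originally opened the connection.
SET SESSION AUTHORIZATION demo_caller;
SELECT session_user, current_user;

-- Compare the two columns: the function body sees its owner as
-- current_user, while session_user stays at the session identity.
SELECT session_user, demo_effective_user();

-- demo_caller is not a superuser, yet this switch is still permitted:
-- the check looks at whether the authenticated user is a superuser.
SET SESSION AUTHORIZATION demo_owner;
SELECT session_user, current_user;

-- Return to the authenticated user and clean up.
RESET SESSION AUTHORIZATION;
SELECT session_user, current_user;

DROP FUNCTION demo_effective_user();
DROP USER demo_owner;
DROP USER demo_caller;
```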