From: | "Bossart, Nathan" <bossartn(at)amazon(dot)com> |
---|---|
To: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | documentation fix for SET ROLE |
Date: | 2021-02-17 18:56:24 |
Message-ID: | D1328B50-F08B-455A-A009-C152438A2A67@amazon.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi hackers,
I noticed some interesting role behavior that seems to be either a bug
or a miss in the documentation. The documentation for SET ROLE claims
that RESET ROLE resets "the current user identifier to be the current
session user identifier" [0], but this doesn't seem to hold true when
"role" has been set via pg_db_role_setting. Here is an example:
setup:
postgres=# CREATE ROLE test2;
CREATE ROLE
postgres=# CREATE ROLE test1 LOGIN CREATEROLE IN ROLE test2;
CREATE ROLE
postgres=# ALTER ROLE test1 SET ROLE test2;
ALTER ROLE
after logging in as test1:
postgres=> SELECT SESSION_USER, CURRENT_USER;
session_user | current_user
--------------+--------------
test1 | test2
(1 row)
postgres=> RESET ROLE;
RESET
postgres=> SELECT SESSION_USER, CURRENT_USER;
session_user | current_user
--------------+--------------
test1 | test2
(1 row)
I believe this behavior is caused by the "role" getting set at
PGC_S_GLOBAL, which sets the default used by RESET [1]. IMO this just
requires a small documentation fix. Here is my first attempt:
diff --git a/doc/src/sgml/ref/set_role.sgml b/doc/src/sgml/ref/set_role.sgml
index 739f2c5cdf..a69bfeae24 100644
--- a/doc/src/sgml/ref/set_role.sgml
+++ b/doc/src/sgml/ref/set_role.sgml
@@ -54,7 +54,12 @@ RESET ROLE
<para>
The <literal>NONE</literal> and <literal>RESET</literal> forms reset the current
- user identifier to be the current session user identifier.
+ user identifier to the default value. The default value is whatever value it
+ would be if no <command>SET</command> had been executed in the current
+ session. This can be the command-line option value, the per-database default
+ setting, or the per-user default setting for the role, if any such settings
+ exist. Otherwise, the default value will be the current session user
+ identifier.
These forms can be executed by any user.
</para>
</refsect1>
Nathan
[0] https://www.postgresql.org/docs/devel/sql-set-role.html
[1] https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/include/utils/guc.h;h=5004ee41;hb=HEAD#l79
From | Date | Subject | |
---|---|---|---|
Next Message | David G. Johnston | 2021-02-17 19:12:47 | Re: documentation fix for SET ROLE |
Previous Message | Mark Dilger | 2021-02-17 18:46:10 | Re: new heapcheck contrib module |