DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

set_session_authorization(5)

NAME

       SET  SESSION  AUTHORIZATION - set the session user identi-
       fier and the current user identifier of the  current  ses-
       sion

SYNOPSIS

       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
       RESET SESSION AUTHORIZATION

DESCRIPTION

       This command sets the session user identifier and the cur-
       rent user identifier of the  current  SQL  session  to  be
       username.  The user name may be written as either an iden-
       tifier or a string literal. Using this command, it is pos-
       sible,  for example, to temporarily become an unprivileged
       user and later switch back to being a superuser.

       The session user identifier is initially  set  to  be  the
       (possibly authenticated) user name provided by the client.
       The current user identifier is normally equal to the  ses-
       sion  user identifier, but might change temporarily in the
       context of SECURITY DEFINER functions and  similar  mecha-
       nisms;  it  can also be changed by SET ROLE [set_role(5)].
       The current user identifier  is  relevant  for  permission
       checking.

       The  session  user  identifier  may be changed only if the
       initial session user  (the  authenticated  user)  had  the
       superuser  privilege.  Otherwise,  the command is accepted
       only if it specifies the authenticated user name.

       The SESSION and LOCAL modifiers act the same  as  for  the
       regular SET [set(5)] command.

       The  DEFAULT and RESET forms reset the session and current
       user identifiers to be the originally  authenticated  user
       name. These forms may be executed by any user.

NOTES

       SET SESSION AUTHORIZATION cannot be used within a SECURITY
       DEFINER function.

EXAMPLES

       SELECT SESSION_USER, CURRENT_USER;

        session_user | current_user
       --------------+--------------
        peter        | peter

       SET SESSION AUTHORIZATION 'paul';

       SELECT SESSION_USER, CURRENT_USER;

        session_user | current_user
       --------------+--------------
        paul         | paul

COMPATIBILITY

       The SQL standard allows some other expressions  to  appear
       in  place  of  the literal username, but these options are
       not important in practice.  PostgreSQL  allows  identifier
       syntax  ("username"),  which  SQL  does  not. SQL does not
       allow this command during a transaction;  PostgreSQL  does
       not  make  this restriction because there is no reason to.
       The SESSION and LOCAL modifiers are  a  PostgreSQL  exten-
       sion, as is the RESET syntax.

       The  privileges necessary to execute this command are left
       implementation-defined by the standard.

SEE ALSO

       SET ROLE [set_role(5)]

SQL - Language Statements   2008-01-03SET SESSION AUTHORIZATION()
Man(1) output converted with man2html