Man Pages

set_session_authorization(7) - phpMan set_session_authorization(7) - phpMan

Command: man perldoc info search(apropos)  


SET SESSION AUTHORIZATION(7)     SQL Commands     SET SESSION AUTHORIZATION(7)



NAME
       SET SESSION AUTHORIZATION - set the session user identifier and the current user identifier of the current ses-
       sion


SYNOPSIS
       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
       RESET SESSION AUTHORIZATION


DESCRIPTION
       This command sets the session user identifier and the current user identifier of the current SQL session to  be
       username.  The  user name can be written as either an identifier or a string literal. Using this command, it is
       possible, for example, to temporarily become an unprivileged user and later switch back to being a superuser.

       The session user identifier is initially set to be the (possibly  authenticated)  user  name  provided  by  the
       client.  The  current  user  identifier is normally equal to the session user identifier, but might change tem-
       porarily in the context of SECURITY DEFINER functions and similar mechanisms; it can also  be  changed  by  SET
       ROLE [set_role(7)].  The current user identifier is relevant for permission checking.

       The  session  user  identifier can be changed only if the initial session user (the authenticated user) had the
       superuser privilege. Otherwise, the command is accepted only if it specifies the authenticated user name.

       The SESSION and LOCAL modifiers act the same as for the regular SET [set(7)] command.

       The DEFAULT and RESET forms reset the session and current user identifiers to be the  originally  authenticated
       user name. These forms can be executed by any user.

NOTES
       SET SESSION AUTHORIZATION cannot be used within a SECURITY DEFINER function.

EXAMPLES
       SELECT SESSION_USER, CURRENT_USER;

        session_user | current_user
       --------------+--------------
        peter        | peter

       SET SESSION AUTHORIZATION 'paul';

       SELECT SESSION_USER, CURRENT_USER;

        session_user | current_user
       --------------+--------------
        paul         | paul


COMPATIBILITY
       The  SQL  standard  allows some other expressions to appear in place of the literal username, but these options
       are not important in practice. PostgreSQL allows identifier syntax ("username"), which SQL does not.  SQL  does
       not allow this command during a transaction; PostgreSQL does not make this restriction because there is no rea-
       son to.  The SESSION and LOCAL modifiers are a PostgreSQL extension, as is the RESET syntax.

       The privileges necessary to execute this command are left implementation-defined by the standard.

SEE ALSO
       SET ROLE [set_role(7)]



SQL - Language Statements         2014-02-17      SET SESSION AUTHORIZATION(7)