From 5e45211a64149b3c659b90ff2de6fa982a5a93ed Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 4 May 2024 14:17:33 +0200 Subject: Adding upstream version 15.5. Signed-off-by: Daniel Baumann --- doc/src/sgml/man7/SET_SESSION_AUTHORIZATION.7 | 113 ++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 doc/src/sgml/man7/SET_SESSION_AUTHORIZATION.7 (limited to 'doc/src/sgml/man7/SET_SESSION_AUTHORIZATION.7') diff --git a/doc/src/sgml/man7/SET_SESSION_AUTHORIZATION.7 b/doc/src/sgml/man7/SET_SESSION_AUTHORIZATION.7 new file mode 100644 index 0000000..641b48e --- /dev/null +++ b/doc/src/sgml/man7/SET_SESSION_AUTHORIZATION.7 @@ -0,0 +1,113 @@ +'\" t +.\" Title: SET SESSION AUTHORIZATION +.\" Author: The PostgreSQL Global Development Group +.\" Generator: DocBook XSL Stylesheets vsnapshot +.\" Date: 2023 +.\" Manual: PostgreSQL 15.5 Documentation +.\" Source: PostgreSQL 15.5 +.\" Language: English +.\" +.TH "SET SESSION AUTHORIZATION" "7" "2023" "PostgreSQL 15.5" "PostgreSQL 15.5 Documentation" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +SET_SESSION_AUTHORIZATION \- set the session user identifier and the current user identifier of the current session +.SH "SYNOPSIS" +.sp +.nf +SET [ SESSION | LOCAL ] SESSION AUTHORIZATION \fIuser_name\fR +SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT +RESET SESSION AUTHORIZATION +.fi +.SH "DESCRIPTION" +.PP +This command sets the session user identifier and the current user identifier of the current SQL session to be +\fIuser_name\fR\&. The user name can be written as either an identifier or a string literal\&. Using this command, it is possible, for example, to temporarily become an unprivileged user and later switch back to being a superuser\&. +.PP +The session user identifier is initially set to be the (possibly authenticated) user name provided by the client\&. The current user identifier is normally equal to the session user identifier, but might change temporarily in the context of +SECURITY DEFINER +functions and similar mechanisms; it can also be changed by +\fBSET ROLE\fR\&. The current user identifier is relevant for permission checking\&. +.PP +The session user identifier can be changed only if the initial session user (the +authenticated user) had the superuser privilege\&. Otherwise, the command is accepted only if it specifies the authenticated user name\&. +.PP +The +SESSION +and +LOCAL +modifiers act the same as for the regular +\fBSET\fR +command\&. +.PP +The +DEFAULT +and +RESET +forms reset the session and current user identifiers to be the originally authenticated user name\&. These forms can be executed by any user\&. +.SH "NOTES" +.PP +\fBSET SESSION AUTHORIZATION\fR +cannot be used within a +SECURITY DEFINER +function\&. +.SH "EXAMPLES" +.sp +.if n \{\ +.RS 4 +.\} +.nf +SELECT SESSION_USER, CURRENT_USER; + + session_user | current_user +\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\- + peter | peter + +SET SESSION AUTHORIZATION \*(Aqpaul\*(Aq; + +SELECT SESSION_USER, CURRENT_USER; + + session_user | current_user +\-\-\-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\-\-\-\- + paul | paul +.fi +.if n \{\ +.RE +.\} +.SH "COMPATIBILITY" +.PP +The SQL standard allows some other expressions to appear in place of the literal +\fIuser_name\fR, but these options are not important in practice\&. +PostgreSQL +allows identifier syntax ("\fIusername\fR"), which SQL does not\&. SQL does not allow this command during a transaction; +PostgreSQL +does not make this restriction because there is no reason to\&. The +SESSION +and +LOCAL +modifiers are a +PostgreSQL +extension, as is the +RESET +syntax\&. +.PP +The privileges necessary to execute this command are left implementation\-defined by the standard\&. +.SH "SEE ALSO" +SET ROLE (\fBSET_ROLE\fR(7)) -- cgit v1.2.3