From 293913568e6a7a86fd1479e1cff8e2ecb58d6568 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sat, 13 Apr 2024 15:44:03 +0200
Subject: Adding upstream version 16.2.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 doc/src/sgml/html/sql-set-role.html | 89 +++++++++++++++++++++++++++++++++++++
 1 file changed, 89 insertions(+)
 create mode 100644 doc/src/sgml/html/sql-set-role.html

(limited to 'doc/src/sgml/html/sql-set-role.html')

diff --git a/doc/src/sgml/html/sql-set-role.html b/doc/src/sgml/html/sql-set-role.html
new file mode 100644
index 0000000..0aab25f
--- /dev/null
+++ b/doc/src/sgml/html/sql-set-role.html
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>SET ROLE</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="sql-set-constraints.html" title="SET CONSTRAINTS" /><link rel="next" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION" /></head><body id="docContent" class="container-fluid col-10"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">SET ROLE</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="sql-set-constraints.html" title="SET CONSTRAINTS">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="sql-commands.html" title="SQL Commands">Up</a></td><th width="60%" align="center">SQL Commands</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 16.2 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION">Next</a></td></tr></table><hr /></div><div class="refentry" id="SQL-SET-ROLE"><div class="titlepage"></div><a id="id-1.9.3.176.1" class="indexterm"></a><div class="refnamediv"><h2><span class="refentrytitle">SET ROLE</span></h2><p>SET ROLE — set the current user identifier of the current session</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><pre class="synopsis">
+SET [ SESSION | LOCAL ] ROLE <em class="replaceable"><code>role_name</code></em>
+SET [ SESSION | LOCAL ] ROLE NONE
+RESET ROLE
+</pre></div><div class="refsect1" id="id-1.9.3.176.5"><h2>Description</h2><p>
+   This command sets the current user
+   identifier of the current SQL session to be <em class="replaceable"><code>role_name</code></em>.  The role name can be
+   written as either an identifier or a string literal.
+   After <code class="command">SET ROLE</code>, permissions checking for SQL commands
+   is carried out as though the named role were the one that had logged
+   in originally.
+  </p><p>
+   The specified <em class="replaceable"><code>role_name</code></em>
+   must be a role that the current session user is a member of.
+   (If the session user is a superuser, any role can be selected.)
+  </p><p>
+   The <code class="literal">SESSION</code> and <code class="literal">LOCAL</code> modifiers act the same
+   as for the regular <a class="link" href="sql-set.html" title="SET"><code class="command">SET</code></a>
+   command.
+  </p><p>
+   <code class="literal">SET ROLE NONE</code> sets the current user identifier to the
+   current session user identifier, as returned by
+   <code class="function">session_user</code>.  <code class="literal">RESET ROLE</code> sets the
+   current user identifier to the connection-time setting specified by the
+   <a class="link" href="libpq-connect.html#LIBPQ-CONNECT-OPTIONS">command-line options</a>,
+   <a class="link" href="sql-alterrole.html" title="ALTER ROLE"><code class="command">ALTER ROLE</code></a>, or
+   <a class="link" href="sql-alterdatabase.html" title="ALTER DATABASE"><code class="command">ALTER DATABASE</code></a>,
+   if any such settings exist.  Otherwise, <code class="literal">RESET ROLE</code> sets
+   the current user identifier to the current session user identifier.  These
+   forms can be executed by any user.
+  </p></div><div class="refsect1" id="id-1.9.3.176.6"><h2>Notes</h2><p>
+   Using this command, it is possible to either add privileges or restrict
+   one's privileges.  If the session user role has been granted memberships
+   <code class="literal">WITH INHERIT TRUE</code>, it automatically has all the
+   privileges of every such role. In this case, <code class="command">SET ROLE</code>
+   effectively drops all the privileges except for those which the target role
+   directly possesses or inherits.  On the other hand, if the session user role
+   has been granted memberships <code class="literal">WITH INHERIT FALSE</code>, the
+   privileges of the granted roles can't be accessed by default. However, if
+   the role was granted <code class="literal">WITH SET TRUE</code>, the
+   session user can use <code class="command">SET ROLE</code> to drop the privileges
+   assigned directly to the session user and instead acquire the privileges
+   available to the named role. If the role was granted <code class="literal">WITH INHERIT
+   FALSE, SET FALSE</code> then the privileges of that role cannot be
+   exercised either with or without <code class="literal">SET ROLE</code>.
+  </p><p>
+   Note that when a superuser chooses to <code class="command">SET ROLE</code> to a
+   non-superuser role, they lose their superuser privileges.
+  </p><p>
+   <code class="command">SET ROLE</code> has effects comparable to
+   <a class="link" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION"><code class="command">SET SESSION AUTHORIZATION</code></a>, but the privilege
+   checks involved are quite different.  Also,
+   <code class="command">SET SESSION AUTHORIZATION</code> determines which roles are
+   allowable for later <code class="command">SET ROLE</code> commands, whereas changing
+   roles with <code class="command">SET ROLE</code> does not change the set of roles
+   allowed to a later <code class="command">SET ROLE</code>.
+  </p><p>
+   <code class="command">SET ROLE</code> does not process session variables as specified by
+   the role's <a class="link" href="sql-alterrole.html" title="ALTER ROLE"><code class="command">ALTER ROLE</code></a> settings;  this only happens during
+   login.
+  </p><p>
+   <code class="command">SET ROLE</code> cannot be used within a
+   <code class="literal">SECURITY DEFINER</code> function.
+  </p></div><div class="refsect1" id="id-1.9.3.176.7"><h2>Examples</h2><pre class="programlisting">
+SELECT SESSION_USER, CURRENT_USER;
+
+ session_user | current_user
+--------------+--------------
+ peter        | peter
+
+SET ROLE 'paul';
+
+SELECT SESSION_USER, CURRENT_USER;
+
+ session_user | current_user
+--------------+--------------
+ peter        | paul
+</pre></div><div class="refsect1" id="id-1.9.3.176.8"><h2>Compatibility</h2><p>
+   <span class="productname">PostgreSQL</span>
+   allows identifier syntax (<code class="literal">"<em class="replaceable"><code>rolename</code></em>"</code>), while
+   the SQL standard requires the role name to be written as a string
+   literal.  SQL does not allow this command during a transaction;
+   <span class="productname">PostgreSQL</span> does not make this
+   restriction because there is no reason to.
+   The <code class="literal">SESSION</code> and <code class="literal">LOCAL</code> modifiers are a
+   <span class="productname">PostgreSQL</span> extension, as is the
+   <code class="literal">RESET</code> syntax.
+  </p></div><div class="refsect1" id="id-1.9.3.176.9"><h2>See Also</h2><span class="simplelist"><a class="xref" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION"><span class="refentrytitle">SET SESSION AUTHORIZATION</span></a></span></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sql-set-constraints.html" title="SET CONSTRAINTS">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sql-commands.html" title="SQL Commands">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION">Next</a></td></tr><tr><td width="40%" align="left" valign="top">SET CONSTRAINTS </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 16.2 Documentation">Home</a></td><td width="40%" align="right" valign="top"> SET SESSION AUTHORIZATION</td></tr></table></div></body></html>
\ No newline at end of file
-- 
cgit v1.2.3