1SET SESSION AUTHORIZATION(7)     SQL Commands     SET SESSION AUTHORIZATION(7)
2
3
4

NAME

6       SET  SESSION  AUTHORIZATION  -  set the session user identifier and the
7       current user identifier of the current session
8
9

SYNOPSIS

11       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
12       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
13       RESET SESSION AUTHORIZATION
14
15

DESCRIPTION

17       This command sets the session user  identifier  and  the  current  user
18       identifier of the current SQL session to be username. The user name can
19       be written as either an identifier or a string literal. Using this com‐
20       mand,  it  is  possible, for example, to temporarily become an unprivi‐
21       leged user and later switch back to being a superuser.
22
23       The session user identifier  is  initially  set  to  be  the  (possibly
24       authenticated) user name provided by the client. The current user iden‐
25       tifier is normally equal to the  session  user  identifier,  but  might
26       change  temporarily  in  the  context of SECURITY DEFINER functions and
27       similar mechanisms; it can also be changed by SET  ROLE  [set_role(7)].
28       The current user identifier is relevant for permission checking.
29
30       The  session user identifier can be changed only if the initial session
31       user (the authenticated user) had the superuser  privilege.  Otherwise,
32       the  command  is  accepted  only if it specifies the authenticated user
33       name.
34
35       The SESSION and LOCAL modifiers act the same as  for  the  regular  SET
36       [set(7)] command.
37
38       The  DEFAULT and RESET forms reset the session and current user identi‐
39       fiers to be the originally authenticated user name. These forms can  be
40       executed by any user.
41

NOTES

43       SET  SESSION  AUTHORIZATION  cannot  be  used within a SECURITY DEFINER
44       function.
45

EXAMPLES

47       SELECT SESSION_USER, CURRENT_USER;
48
49        session_user | current_user
50       --------------+--------------
51        peter        | peter
52
53       SET SESSION AUTHORIZATION 'paul';
54
55       SELECT SESSION_USER, CURRENT_USER;
56
57        session_user | current_user
58       --------------+--------------
59        paul         | paul
60
61

COMPATIBILITY

63       The SQL standard allows some other expressions to appear  in  place  of
64       the  literal username, but these options are not important in practice.
65       PostgreSQL allows identifier syntax ("username"), which SQL  does  not.
66       SQL  does  not allow this command during a transaction; PostgreSQL does
67       not make this restriction because there is no reason to.   The  SESSION
68       and LOCAL modifiers are a PostgreSQL extension, as is the RESET syntax.
69
70       The  privileges  necessary to execute this command are left implementa‐
71       tion-defined by the standard.
72

SEE ALSO

74       SET ROLE [set_role(7)]
75
76
77
78SQL - Language Statements         2011-09-22      SET SESSION AUTHORIZATION(7)
Impressum