1SET SESSION AUTHORIZATION(7) SQL Commands SET SESSION AUTHORIZATION(7)
2
3
4
6 SET SESSION AUTHORIZATION - set the session user identifier and the
7 current user identifier of the current session
8
9
11 SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
12 SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
13 RESET SESSION AUTHORIZATION
14
15
17 This command sets the session user identifier and the current user
18 identifier of the current SQL session to be username. The user name can
19 be written as either an identifier or a string literal. Using this com‐
20 mand, it is possible, for example, to temporarily become an unprivi‐
21 leged user and later switch back to being a superuser.
22
23 The session user identifier is initially set to be the (possibly
24 authenticated) user name provided by the client. The current user iden‐
25 tifier is normally equal to the session user identifier, but might
26 change temporarily in the context of SECURITY DEFINER functions and
27 similar mechanisms; it can also be changed by SET ROLE [set_role(7)].
28 The current user identifier is relevant for permission checking.
29
30 The session user identifier can be changed only if the initial session
31 user (the authenticated user) had the superuser privilege. Otherwise,
32 the command is accepted only if it specifies the authenticated user
33 name.
34
35 The SESSION and LOCAL modifiers act the same as for the regular SET
36 [set(7)] command.
37
38 The DEFAULT and RESET forms reset the session and current user identi‐
39 fiers to be the originally authenticated user name. These forms can be
40 executed by any user.
41
43 SET SESSION AUTHORIZATION cannot be used within a SECURITY DEFINER
44 function.
45
47 SELECT SESSION_USER, CURRENT_USER;
48
49 session_user | current_user
50 --------------+--------------
51 peter | peter
52
53 SET SESSION AUTHORIZATION 'paul';
54
55 SELECT SESSION_USER, CURRENT_USER;
56
57 session_user | current_user
58 --------------+--------------
59 paul | paul
60
61
63 The SQL standard allows some other expressions to appear in place of
64 the literal username, but these options are not important in practice.
65 PostgreSQL allows identifier syntax ("username"), which SQL does not.
66 SQL does not allow this command during a transaction; PostgreSQL does
67 not make this restriction because there is no reason to. The SESSION
68 and LOCAL modifiers are a PostgreSQL extension, as is the RESET syntax.
69
70 The privileges necessary to execute this command are left implementa‐
71 tion-defined by the standard.
72
74 SET ROLE [set_role(7)]
75
76
77
78SQL - Language Statements 2011-09-22 SET SESSION AUTHORIZATION(7)