set_session_authorization

a b c d e f g h i j k l m n o p q r s t u v w x y z _
SET SESSION AUTHORIZATION()	 SQL Commands	  SET SESSION AUTHORIZATION()



NAME
       SET  SESSION  AUTHORIZATION  - set the session user identifier and the
       current user identifier of the current session


SYNOPSIS
       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
       SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
       RESET SESSION AUTHORIZATION


DESCRIPTION
       This command sets the session user identifier  and  the	current	 user
       identifier  of  the  current SQL session to be username. The user name
       may be written as either an identifier or a string literal. Using this
       command, it is possible, for example, to temporarily become an unpriv-
       ileged user and later switch back to become a superuser.

       The session user identifier is  initially  set  to  be  the  (possibly
       authenticated)  user  name  provided  by	 the client. The current user
       identifier is normally equal to the session user identifier, but might
       change  temporarily  in	the context of SECURITY DEFINER functions and
       similar mechanisms. The current user identifier is relevant  for	 per-
       mission checking.

       The session user identifier may be changed only if the initial session
       user (the authenticated user) had the superuser privilege.  Otherwise,
       the  command  is	 accepted only if it specifies the authenticated user
       name.

       The SESSION and LOCAL modifiers act the same as for  the	 regular  SET
       [set(7)] command.

       The DEFAULT and RESET forms reset the session and current user identi-
       fiers to be the originally authenticated user name. These forms may be
       executed by any user.

NOTES
       SET  SESSION  AUTHORIZATION  cannot  be used within a SECURITY DEFINER
       function.

EXAMPLES
       SELECT SESSION_USER, CURRENT_USER;

	session_user | current_user
       --------------+--------------
	peter	     | peter

       SET SESSION AUTHORIZATION ’paul’;

       SELECT SESSION_USER, CURRENT_USER;

	session_user | current_user
       --------------+--------------
	paul	     | paul


COMPATIBILITY
       The SQL standard allows some other expressions to appear in  place  of
       the  literal  username which are not important in practice. PostgreSQL
       allows identifier syntax ("username"), which SQL does  not.  SQL	 does
       not  allow this command during a transaction; PostgreSQL does not make
       this restriction because there is no reason to. The privileges  neces-
       sary  to	 execute  this command are left implementation-defined by the
       standard.



SQL - Language Statements	  2008-01-03	  SET SESSION AUTHORIZATION()