| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Real/effective user |
| Date: | 2001-04-18 19:36:34 |
| Message-ID: | Pine.LNX.4.30.0104182119290.762-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane writes:
> 1. "real user" = what you originally authenticated to the postmaster.
>
> 2. "session user" = what you can SET if your real identity is a superuser.
>
> 3. "current user" = effective userid for permission checks.
We could have a Boolean variable "authenticated user is superuser" which
would serve as the permission to execute SET SESSION AUTHENTICATION, while
we would not actually be making the identity of the real/authenticated
user available (so as to not confuse things unnecessarily).
> if a setuid function
> does a CREATE, shouldn't the created object be owned by the setuid user?
> I'm not sure that I *want* to accept the SQL spec on this point.
Me neither.
--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2001-04-18 19:44:13 | Re: Modified driver to better handle NULL values...y |
| Previous Message | Bruce Momjian | 2001-04-18 19:34:14 | Re: Re: No printable 7.1 docs? |