From: | Karel Zak <zakkr(at)zf(dot)jcu(dot)cz> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: SET SESSION AUTHORIZATION (was Re: Real/effective user) |
Date: | 2001-04-23 09:54:41 |
Message-ID: | 20010423115441.B15699@ara.zf.jcu.cz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sat, Apr 21, 2001 at 05:43:02PM +0200, Peter Eisentraut wrote:
> I have implemented this; it seems to do what we need:
>
> $ ~/pg-install/bin/psql -U peter
>
> peter=# set session authorization 'joeblow';
> SET VARIABLE
> peter=# create table foo (a int);
> CREATE
> peter=# \dt
> List of relations
> Name | Type | Owner
> -------+-------+---------
> foo | table | joeblow
> test | table | peter
> test2 | table | peter
> (3 rows)
Great! With this feature is possible use persisten connection and
on-the-fly changing actual user, right? It's very useful for example
web application that checking user privilege via SQL layout.
I have I question, what happen with this code:
(connected as superuser)
set session authorization 'userA';
set session authorization 'userB';
IMHO it must be disable, right must be something like:
set session authorization 'userA';
unset session authorization; <-- switch back to superuser
set session authorization 'userB';
..like as on Linux:
# su - zakkr
$ id -u
1000
$ su - jmarek
Password:
su: Authentication failure
Sorry.
Karel
--
Karel Zak <zakkr(at)zf(dot)jcu(dot)cz>
http://home.zf.jcu.cz/~zakkr/
C, PostgreSQL, PHP, WWW, http://docs.linux.cz, http://mape.jcu.cz
From | Date | Subject | |
---|---|---|---|
Next Message | Zeugswetter Andreas SB | 2001-04-23 10:34:05 | AW: AW: RFC: planner statistics in 7.2 |
Previous Message | Tatsuo Ishii | 2001-04-23 06:25:15 | pg_statistic |