From: | "Bossart, Nathan" <bossartn(at)amazon(dot)com> |
---|---|
To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, Joe Conway <mail(at)joeconway(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: documentation fix for SET ROLE |
Date: | 2021-03-15 17:09:00 |
Message-ID: | 925134DB-8212-4F60-8AB1-B1231D750CB4@amazon.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 3/15/21, 7:06 AM, "Laurenz Albe" <laurenz(dot)albe(at)cybertec(dot)at> wrote:
> On Fri, 2021-03-12 at 21:41 +0000, Bossart, Nathan wrote:
>> On 3/12/21, 11:14 AM, "Joe Conway" <mail(at)joeconway(dot)com> wrote:
>> > Looking back at the commit history it seems to me that this only works
>> > accidentally. Perhaps it would be best to fix RESET ROLE and be done with it.
>>
>> That seems reasonable to me.
>
> +1 from me too.
Here's my latest attempt. I think it's important to state that it
sets the role to the current session user identifier unless there is a
connection-time setting. If there is no connection-time setting, it
will reset the role to the current session user, which might be
different if you've run SET SESSION AUTHORIZATION.
diff --git a/doc/src/sgml/ref/set_role.sgml b/doc/src/sgml/ref/set_role.sgml
index 739f2c5cdf..f02babf3af 100644
--- a/doc/src/sgml/ref/set_role.sgml
+++ b/doc/src/sgml/ref/set_role.sgml
@@ -53,9 +53,16 @@ RESET ROLE
</para>
<para>
- The <literal>NONE</literal> and <literal>RESET</literal> forms reset the current
- user identifier to be the current session user identifier.
- These forms can be executed by any user.
+ <literal>SET ROLE NONE</literal> sets the current user identifier to the
+ current session user identifier, as returned by
+ <function>session_user</function>. <literal>RESET ROLE</literal> sets the
+ current user identifier to the connection-time setting specified by the
+ <link linkend="libpq-connect-options">command-line options</link>,
+ <link linkend="sql-alterrole"><command>ALTER ROLE</command></link>, or
+ <link linkend="sql-alterdatabase"><command>ALTER DATABASE</command></link>,
+ if any such settings exist. Otherwise, <literal>RESET ROLE</literal> sets
+ the current user identifier to the current session user identifier. These
+ forms can be executed by any user.
</para>
</refsect1>
Nathan
From | Date | Subject | |
---|---|---|---|
Next Message | Mark Dilger | 2021-03-15 17:13:55 | Re: REINDEX backend filtering |
Previous Message | Pavel Stehule | 2021-03-15 17:05:52 | Re: Parser Hook |