Quick Links

documentation fix for SET ROLE

From:	"Bossart, Nathan" <bossartn(at)amazon(dot)com>
To:	"pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject:	documentation fix for SET ROLE
Date:	2021-02-17 18:56:24
Message-ID:	D1328B50-F08B-455A-A009-C152438A2A67@amazon.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Hi hackers,

I noticed some interesting role behavior that seems to be either a bug
or a miss in the documentation. The documentation for SET ROLE claims
that RESET ROLE resets "the current user identifier to be the current
session user identifier" [0], but this doesn't seem to hold true when
"role" has been set via pg_db_role_setting. Here is an example:

setup:
postgres=# CREATE ROLE test2;
CREATE ROLE
postgres=# CREATE ROLE test1 LOGIN CREATEROLE IN ROLE test2;
CREATE ROLE
postgres=# ALTER ROLE test1 SET ROLE test2;
ALTER ROLE

after logging in as test1:
postgres=> SELECT SESSION_USER, CURRENT_USER;
session_user | current_user
--------------+--------------
test1 | test2
(1 row)

postgres=> RESET ROLE;
RESET
postgres=> SELECT SESSION_USER, CURRENT_USER;
session_user | current_user
--------------+--------------
test1 | test2
(1 row)

I believe this behavior is caused by the "role" getting set at
PGC_S_GLOBAL, which sets the default used by RESET [1]. IMO this just
requires a small documentation fix. Here is my first attempt:

diff --git a/doc/src/sgml/ref/set_role.sgml b/doc/src/sgml/ref/set_role.sgml
index 739f2c5cdf..a69bfeae24 100644
--- a/doc/src/sgml/ref/set_role.sgml
+++ b/doc/src/sgml/ref/set_role.sgml
@@ -54,7 +54,12 @@ RESET ROLE

<para>
The <literal>NONE</literal> and <literal>RESET</literal> forms reset the current
- user identifier to be the current session user identifier.
+ user identifier to the default value. The default value is whatever value it
+ would be if no <command>SET</command> had been executed in the current
+ session. This can be the command-line option value, the per-database default
+ setting, or the per-user default setting for the role, if any such settings
+ exist. Otherwise, the default value will be the current session user
+ identifier.
These forms can be executed by any user.
</para>
</refsect1>

Nathan

[0] https://www.postgresql.org/docs/devel/sql-set-role.html
[1] https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/include/utils/guc.h;h=5004ee41;hb=HEAD#l79

Responses

Re: documentation fix for SET ROLE at 2021-02-17 19:12:47 from David G. Johnston

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	David G. Johnston	2021-02-17 19:12:47	Re: documentation fix for SET ROLE
Previous Message	Mark Dilger	2021-02-17 18:46:10	Re: new heapcheck contrib module