Στις Wednesday 29 December 2010 16:06:41 ο/η Achilleas Mantzios έγραψε:
> Hello,
> i noticed that the user name as displayed in the postgresql log (specified by %u) in the log_line_prefix
> does not show the user name of the effective user (current_user)as set by "SET SESSION AUTHORIZATION"
> but, instead, shows the initial user which first authenticated against the said connection.
> I think it would be better to have this user reported in the log files. (or have another entry e.g. %U to denote
that)
Also i noticed (in 9.0.2) that both SET SESSION AUTHORIZATION and SET ROLE do not reflect this change
in pg_stat_get_activity function, (and subsequently in the pg_stat_activity view).
I can imagine the use of either SET SESSION AUTHORIZATION and SET ROLE to achieve personalized
connections in a connection pool, without sucrificing any of the beneficial principles of having
a pool of equivalent connections.
I think having each user in an application connecting with his/her own credentials and authorizations
is a very good thing. Currently i am thinking of configuring smth like this in the jboss connection pool.
Unfortunately the current software only allows for subpools for each user, making the reuse and sharing of
connections impossible, but even if jboss and the postgresql jdbc driver allowed to do that
(via SET SESSION AUTHORIZATION or SET ROLE) then again the situation would not be complete
since the entries in the log and pg_stat_activity would still show the initial user who opened the connection.
(except there are other ways to change the current_user which i am missing).
I think, the combination of the two worlds (having both a generic single superpool of equivalent connections which
everybody could use, on one hand, and having the possibility of completetly personalizing connections
acquired from the pool according to the user of the application, having its name appearing in stats
and in log files as usesysid, on the other hand) is something both desirable and missing from
the current solutions available.
In the case of a more simple web environment, that might not be smth very important,
but in business environment, having each user reported separately in the postgresql side, i think,
would be very good to have.
> --
> Achilleas Mantzios
>
--
Achilleas Mantzios