Re: Real/effective user
От | Peter Eisentraut |
---|---|
Тема | Re: Real/effective user |
Дата | |
Msg-id | Pine.LNX.4.30.0104182119290.762-100000@peter.localdomain обсуждение исходный текст |
Ответ на | Re: Real/effective user (Tom Lane <tgl@sss.pgh.pa.us>) |
Ответы |
SET SESSION AUTHORIZATION (was Re: Real/effective user)
|
Список | pgsql-hackers |
Tom Lane writes: > 1. "real user" = what you originally authenticated to the postmaster. > > 2. "session user" = what you can SET if your real identity is a superuser. > > 3. "current user" = effective userid for permission checks. We could have a Boolean variable "authenticated user is superuser" which would serve as the permission to execute SET SESSION AUTHENTICATION, while we would not actually be making the identity of the real/authenticated user available (so as to not confuse things unnecessarily). > if a setuid function > does a CREATE, shouldn't the created object be owned by the setuid user? > I'm not sure that I *want* to accept the SQL spec on this point. Me neither. -- Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
В списке pgsql-hackers по дате отправления: