I proclaimed:
> Tom Lane writes:
>
> > 1. "real user" = what you originally authenticated to the postmaster.
> >
> > 2. "session user" = what you can SET if your real identity is a superuser.
> >
> > 3. "current user" = effective userid for permission checks.
>
> We could have a Boolean variable "authenticated user is superuser" which
> would serve as the permission to execute SET SESSION AUTHENTICATION, while
> we would not actually be making the identity of the real/authenticated
> user available (so as to not confuse things unnecessarily).
I have implemented this; it seems to do what we need:
$ ~/pg-install/bin/psql -U peter
peter=# set session authorization 'joeblow';
SET VARIABLE
peter=# create table foo (a int);
CREATE
peter=# \dt List of relationsName | Type | Owner
-------+-------+---------foo | table | joeblowtest | table | petertest2 | table | peter
(3 rows)
Libpq's PQuser() can no longer be trusted for up to date information, so
psql's prompt, if set up that way, may be wrong, but I'm not sure whether
this is worth worrying about.
--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter