Re: SET SESSION AUTHORIZATION (was Re: Real/effective user)
От | Peter Eisentraut |
---|---|
Тема | Re: SET SESSION AUTHORIZATION (was Re: Real/effective user) |
Дата | |
Msg-id | Pine.LNX.4.30.0104232306590.758-100000@peter.localdomain обсуждение исходный текст |
Ответ на | Re: SET SESSION AUTHORIZATION (was Re: Real/effective user) (Karel Zak <zakkr@zf.jcu.cz>) |
Список | pgsql-hackers |
Karel Zak writes: > Great! With this feature is possible use persisten connection and > on-the-fly changing actual user, right? It's very useful for example > web application that checking user privilege via SQL layout. A real persistent connection solution would require real session management, especially the ability to reset configuration options made during the previous session. > (connected as superuser) > > set session authorization 'userA'; > set session authorization 'userB'; > > IMHO it must be disable, right must be something like: > > set session authorization 'userA'; > unset session authorization; <-- switch back to superuser > set session authorization 'userB'; You can't "unset" the session user, there must always be one because there is nothing below it. > ..like as on Linux: > > # su - zakkr > $ id -u > 1000 > $ su - jmarek > Password: > su: Authentication failure > Sorry. The difference here is that 'su' also starts a new session but set session authorization changes the state of the current session. So 'su' is similar to START SESSION; -- Don't know if this is the syntax. SET SESSION AUTHORIZATION 'xxx'; all in one command. When and if we get real session management we will probably have the ability to revert user identity changes like you probably imagine. -- Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
В списке pgsql-hackers по дате отправления: