On 10/21/21 10:51, Tom Lane wrote:
> Toomas <toomas.kristin@gmail.com> writes:
>> 2) db=> select current_user, session_user;
>> current_user | session_user
>> --------------+--------------
>> db_owner | db_user
>> (1 row)
>
> Given that setup, I wonder which role you expected \password to change.
>
> If we target the current_user, we can expect the command to succeed.
> I'm just wondering if people will find that surprising.
> Targeting the session_user might be less surprising (or not?)
> but as this example shows, it can fail.
Well from here:
https://www.postgresql.org/docs/current/sql-set-session-authorization.html
'The current user identifier is relevant for permission checking.'
To me current_user would be the less surprising choice.
>
> One thing that would help, regardless of which definition we think
> is most appropriate, is to have \password explicitly say which role
> it's intending to set the password for:
>
> db=> \password
> Enter new password for role "dbowner":
> Enter it again:
Yes, that would be helpful in untangling who you are actually pointing at.
>
> regards, tom lane
>
--
Adrian Klaver
adrian.klaver@aklaver.com