Diffstat (limited to 'doc/src/sgml')
-rw-r--r--doc/src/sgml/func.sgml6
-rw-r--r--doc/src/sgml/ref/allfiles.sgml3
-rw-r--r--doc/src/sgml/ref/pg_dump.sgml6
-rw-r--r--doc/src/sgml/ref/pg_dumpall.sgml6
-rw-r--r--doc/src/sgml/ref/pg_restore.sgml6
-rw-r--r--doc/src/sgml/ref/set_role.sgml116
-rw-r--r--doc/src/sgml/ref/set_session_auth.sgml29
-rw-r--r--doc/src/sgml/reference.sgml3
8 files changed, 155 insertions, 20 deletions
diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index 59813e16f16..37087355150 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -1,5 +1,5 @@
<!--
-$PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.269 2005/07/22 21:16:14 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.270 2005/07/25 22:12:30 tgl Exp $
PostgreSQL documentation
-->
@@ -8266,7 +8266,9 @@ select current_date + s.a as dates from generate_series(0,14,7) as s(a);
with <xref linkend="sql-set-session-authorization" endterm="sql-set-session-authorization-title">.
The <function>current_user</function> is the user identifier
that is applicable for permission checking. Normally, it is equal
- to the session user, but it changes during the execution of
+ to the session user, but it can be changed with
+ <xref linkend="sql-set-role" endterm="sql-set-role-title">.
+ It also changes during the execution of
functions with the attribute <literal>SECURITY DEFINER</literal>.
In Unix parlance, the session user is the <quote>real user</quote> and
the current user is the <quote>effective user</quote>.
diff --git a/doc/src/sgml/ref/allfiles.sgml b/doc/src/sgml/ref/allfiles.sgml
index 33e9e68b9d5..d993b64ad04 100644
--- a/doc/src/sgml/ref/allfiles.sgml
+++ b/doc/src/sgml/ref/allfiles.sgml
@@ -1,5 +1,5 @@
<!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.63 2005/06/17 22:32:42 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.64 2005/07/25 22:12:31 tgl Exp $
PostgreSQL documentation
Complete list of usable sgml source files in this directory.
-->
@@ -102,6 +102,7 @@ Complete list of usable sgml source files in this directory.
<!entity selectInto system "select_into.sgml">
<!entity set system "set.sgml">
<!entity setConstraints system "set_constraints.sgml">
+<!entity setRole system "set_role.sgml">
<!entity setSessionAuth system "set_session_auth.sgml">
<!entity setTransaction system "set_transaction.sgml">
<!entity show system "show.sgml">
diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml
index a6d8bb24078..288ae20a411 100644
--- a/doc/src/sgml/ref/pg_dump.sgml
+++ b/doc/src/sgml/ref/pg_dump.sgml
@@ -1,5 +1,5 @@
<!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/pg_dump.sgml,v 1.79 2005/07/10 15:08:52 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/pg_dump.sgml,v 1.80 2005/07/25 22:12:31 tgl Exp $
PostgreSQL documentation
-->
@@ -474,8 +474,8 @@ PostgreSQL documentation
<term><option>--use-set-session-authorization</></term>
<listitem>
<para>
- Output SQL standard SET SESSION AUTHORIZATION commands instead
- of OWNER TO commands. This makes the dump more standards compatible,
+ Output SQL standard SET SESSION AUTHORIZATION commands instead of
+ ALTER OWNER commands. This makes the dump more standards compatible,
but depending on the history of the objects in the dump, may not
restore properly.
</para>
diff --git a/doc/src/sgml/ref/pg_dumpall.sgml b/doc/src/sgml/ref/pg_dumpall.sgml
index c61ae094042..4cee1a4ed72 100644
--- a/doc/src/sgml/ref/pg_dumpall.sgml
+++ b/doc/src/sgml/ref/pg_dumpall.sgml
@@ -1,5 +1,5 @@
<!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/pg_dumpall.sgml,v 1.51 2005/06/21 20:45:43 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/pg_dumpall.sgml,v 1.52 2005/07/25 22:12:31 tgl Exp $
PostgreSQL documentation
-->
@@ -277,8 +277,8 @@ PostgreSQL documentation
<term><option>--use-set-session-authorization</></term>
<listitem>
<para>
- Output SQL standard SET SESSION AUTHORIZATION commands instead
- of OWNER TO commands. This makes the dump more standards compatible,
+ Output SQL standard SET SESSION AUTHORIZATION commands instead of
+ ALTER OWNER commands. This makes the dump more standards compatible,
but depending on the history of the objects in the dump, may not
restore properly.
</para>
diff --git a/doc/src/sgml/ref/pg_restore.sgml b/doc/src/sgml/ref/pg_restore.sgml
index 9b2b5fc3f26..d4a1a3e0f05 100644
--- a/doc/src/sgml/ref/pg_restore.sgml
+++ b/doc/src/sgml/ref/pg_restore.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/ref/pg_restore.sgml,v 1.53 2005/06/21 20:45:43 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/ref/pg_restore.sgml,v 1.54 2005/07/25 22:12:31 tgl Exp $ -->
<refentry id="APP-PGRESTORE">
<refmeta>
@@ -361,8 +361,8 @@
<term><option>--use-set-session-authorization</option></term>
<listitem>
<para>
- Output SQL standard SET SESSION AUTHORIZATION commands instead
- of OWNER TO commands. This makes the dump more standards compatible,
+ Output SQL standard SET SESSION AUTHORIZATION commands instead of
+ ALTER OWNER commands. This makes the dump more standards compatible,
but depending on the history of the objects in the dump, may not
restore properly.
</para>
diff --git a/doc/src/sgml/ref/set_role.sgml b/doc/src/sgml/ref/set_role.sgml
new file mode 100644
index 00000000000..6fbe40fabff
--- /dev/null
+++ b/doc/src/sgml/ref/set_role.sgml
@@ -0,0 +1,116 @@
+<!-- $PostgreSQL: pgsql/doc/src/sgml/ref/set_role.sgml,v 1.1 2005/07/25 22:12:31 tgl Exp $ -->
+<refentry id="SQL-SET-ROLE">
+ <refmeta>
+ <refentrytitle id="sql-set-role-title">SET ROLE</refentrytitle>
+ <refmiscinfo>SQL - Language Statements</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>SET ROLE</refname>
+ <refpurpose>set the current user identifier of the current session</refpurpose>
+ </refnamediv>
+
+ <indexterm zone="sql-set-role">
+ <primary>SET ROLE</primary>
+ </indexterm>
+
+ <refsynopsisdiv>
+<synopsis>
+SET [ SESSION | LOCAL ] ROLE <replaceable class="parameter">rolename</replaceable>
+SET [ SESSION | LOCAL ] ROLE NONE
+RESET ROLE
+</synopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para>
+ This command sets the current user
+ identifier of the current SQL-session context to be <replaceable
+ class="parameter">rolename</replaceable>. The role name may be
+ written as either an identifier or a string literal. Using this
+ command, it is possible to either add privileges or restrict one's
+ privileges.
+ </para>
+
+ <para>
+ The specified <replaceable class="parameter">rolename</replaceable>
+ must be a role that the current session user is a member of.
+ (If the session user is a superuser, any role can be selected.)
+ </para>
+
+ <para>
+ The <literal>SESSION</> and <literal>LOCAL</> modifiers act the same
+ as for the regular <xref linkend="SQL-SET" endterm="SQL-SET-title">
+ command.
+ </para>
+
+ <para>
+ The <literal>NONE</> and <literal>RESET</> forms reset the current
+ user identifier to be the current session user identifier.
+ These forms may be executed by any user.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>Examples</title>
+
+<programlisting>
+SELECT SESSION_USER, CURRENT_USER;
+
+ session_user | current_user
+--------------+--------------
+ peter | peter
+
+SET ROLE 'paul';
+
+SELECT SESSION_USER, CURRENT_USER;
+
+ session_user | current_user
+--------------+--------------
+ peter | paul
+</programlisting>
+ </refsect1>
+
+ <refsect1>
+ <title>Compatibility</title>
+
+ <para>
+ <productname>PostgreSQL</productname>
+ allows identifier syntax (<literal>"rolename"</literal>), while
+ the SQL standard requires the role name to be written as a string
+ literal. SQL does not allow this command during a transaction;
+ <productname>PostgreSQL</productname> does not make this
+ restriction because there is no reason to.
+ The <literal>SESSION</> and <literal>LOCAL</> modifiers are a
+ <productname>PostgreSQL</productname> extension, as is the
+ <literal>RESET</> syntax.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+
+ <simplelist type="inline">
+ <member><xref linkend="sql-set-session-authorization" endterm="sql-set-session-authorization-title"></member>
+ </simplelist>
+ </refsect1>
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode:sgml
+sgml-omittag:nil
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+sgml-parent-document:nil
+sgml-default-dtd-file:"../reference.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:("/usr/lib/sgml/catalog")
+sgml-local-ecat-files:nil
+End:
+-->
diff --git a/doc/src/sgml/ref/set_session_auth.sgml b/doc/src/sgml/ref/set_session_auth.sgml
index 7014b8d2ab3..334847fb00e 100644
--- a/doc/src/sgml/ref/set_session_auth.sgml
+++ b/doc/src/sgml/ref/set_session_auth.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/ref/set_session_auth.sgml,v 1.12 2003/11/29 19:51:39 pgsql Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/ref/set_session_auth.sgml,v 1.13 2005/07/25 22:12:31 tgl Exp $ -->
<refentry id="SQL-SET-SESSION-AUTHORIZATION">
<refmeta>
<refentrytitle id="sql-set-session-authorization-title">SET SESSION AUTHORIZATION</refentrytitle>
@@ -31,7 +31,7 @@ RESET SESSION AUTHORIZATION
class="parameter">username</replaceable>. The user name may be
written as either an identifier or a string literal. Using this
command, it is possible, for example, to temporarily become an
- unprivileged user and later switch back to become a superuser.
+ unprivileged user and later switch back to being a superuser.
</para>
<para>
@@ -39,8 +39,9 @@ RESET SESSION AUTHORIZATION
authenticated) user name provided by the client. The current user
identifier is normally equal to the session user identifier, but
may change temporarily in the context of <quote>setuid</quote>
- functions and similar mechanisms. The current user identifier is
- relevant for permission checking.
+ functions and similar mechanisms; it can also be changed by
+ <xref linkend="sql-set-role" endterm="sql-set-role-title">.
+ The current user identifier is relevant for permission checking.
</para>
<para>
@@ -93,10 +94,24 @@ SELECT SESSION_USER, CURRENT_USER;
allows identifier syntax (<literal>"username"</literal>), which SQL
does not. SQL does not allow this command during a transaction;
<productname>PostgreSQL</productname> does not make this
- restriction because there is no reason to. The privileges
- necessary to execute this command are left implementation-defined
- by the standard.
+ restriction because there is no reason to.
+ The <literal>SESSION</> and <literal>LOCAL</> modifiers are a
+ <productname>PostgreSQL</productname> extension, as is the
+ <literal>RESET</> syntax.
</para>
+
+ <para>
+ The privileges necessary to execute this command are left
+ implementation-defined by the standard.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+
+ <simplelist type="inline">
+ <member><xref linkend="sql-set-role" endterm="sql-set-role-title"></member>
+ </simplelist>
</refsect1>
</refentry>
diff --git a/doc/src/sgml/reference.sgml b/doc/src/sgml/reference.sgml
index 4edec85c122..63ecfe12041 100644
--- a/doc/src/sgml/reference.sgml
+++ b/doc/src/sgml/reference.sgml
@@ -1,5 +1,5 @@
<!-- reference.sgml
-$PostgreSQL: pgsql/doc/src/sgml/reference.sgml,v 1.53 2005/06/17 22:32:42 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/reference.sgml,v 1.54 2005/07/25 22:12:30 tgl Exp $
PostgreSQL Reference Manual
-->
@@ -134,6 +134,7 @@ PostgreSQL Reference Manual
&selectInto;
&set;
&setConstraints;
+ &setRole;
&setSessionAuth;
&setTransaction;
&show;