1 files changed, 1 insertions, 36 deletions

diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index 730a3ac4289..7803a91525e 100644
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.119.2.1 2008/01/03 21:23:45 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.119.2.2 2009/09/03 22:08:29 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -620,22 +620,6 @@ assign_session_authorization(const char *value, bool doit, GucSource source)
 		/* not a saved ID, so look it up */
 		HeapTuple	roleTup;
 
-		if (InSecurityDefinerContext())
-		{
-			/*
-			 * Disallow SET SESSION AUTHORIZATION inside a security definer
-			 * context.  We need to do this because when we exit the context,
-			 * GUC won't be notified, leaving things out of sync.  Note that
-			 * this test is positioned so that restoring a previously saved
-			 * setting isn't prevented.
-			 */
-			if (source >= PGC_S_INTERACTIVE)
-				ereport(ERROR,
-						(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
-						 errmsg("cannot set session authorization within security-definer function")));
-			return NULL;
-		}
-
 		if (!IsTransactionState())
 		{
 			/*
@@ -743,25 +727,6 @@ assign_role(const char *value, bool doit, GucSource source)
 		}
 	}
 
-	if (roleid == InvalidOid && InSecurityDefinerContext())
-	{
-		/*
-		 * Disallow SET ROLE inside a security definer context.  We need to do
-		 * this because when we exit the context, GUC won't be notified,
-		 * leaving things out of sync.  Note that this test is arranged so
-		 * that restoring a previously saved setting isn't prevented.
-		 *
-		 * XXX it would be nice to allow this case in future, with the
-		 * behavior being that the SET ROLE's effects end when the security
-		 * definer context is exited.
-		 */
-		if (source >= PGC_S_INTERACTIVE)
-			ereport(ERROR,
-					(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
-					 errmsg("cannot set role within security-definer function")));
-		return NULL;
-	}
-
 	if (roleid == InvalidOid &&
 		strcmp(actual_rolename, "none") != 0)
 	{