diff options
Diffstat (limited to 'src/backend/utils')
| -rw-r--r-- | src/backend/utils/init/miscinit.c | 20 | ||||
| -rw-r--r-- | src/backend/utils/misc/guc.c | 10 |
2 files changed, 28 insertions, 2 deletions
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index 3fc27d7255d..609ba953c93 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -790,7 +790,25 @@ InitializeSessionUserId(const char *rolename, Oid roleid) { SetAuthenticatedUserId(roleid, is_superuser); - /* Set SessionUserId and related variables via the GUC mechanisms */ + /* + * Set SessionUserId and related variables, including "role", via the + * GUC mechanisms. + * + * Note: ideally we would use PGC_S_DYNAMIC_DEFAULT here, so that + * session_authorization could subsequently be changed from + * pg_db_role_setting entries. Instead, session_authorization in + * pg_db_role_setting has no effect. Changing that would require + * solving two problems: + * + * 1. If pg_db_role_setting has values for both session_authorization + * and role, we could not be sure which order those would be applied + * in, and it would matter. + * + * 2. Sites may have years-old session_authorization entries. There's + * not been any particular reason to remove them. Ending the dormancy + * of those entries could seriously change application behavior, so + * only a major release should do that. + */ SetConfigOption("session_authorization", rname, PGC_BACKEND, PGC_S_OVERRIDE); } diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 79599a2c10f..b733e692de8 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -8287,6 +8287,12 @@ set_config_option_ext(const char *name, const char *value, * expect that if "role" isn't supposed to be default, it * has been or will be set by a separate reload action. * + * Also, for the call from InitializeSessionUserId with + * source == PGC_S_OVERRIDE, use PGC_S_DYNAMIC_DEFAULT for + * "role"'s source, so that it's still possible to set + * "role" from pg_db_role_setting entries. (See notes in + * InitializeSessionUserId before changing this.) + * * A fine point: for RESET session_authorization, we do * "RESET role" not "SET ROLE NONE" (by passing down NULL * rather than "none" for the value). This would have the @@ -8299,7 +8305,9 @@ set_config_option_ext(const char *name, const char *value, (void) set_config_option_ext("role", value ? "none" : NULL, orig_context, - orig_source, + (orig_source == PGC_S_OVERRIDE) + ? PGC_S_DYNAMIC_DEFAULT + : orig_source, orig_srole, action, true, |