1 files changed, 31 insertions, 0 deletions

diff --git a/src/test/modules/unsafe_tests/expected/setconfig.out b/src/test/modules/unsafe_tests/expected/setconfig.out
new file mode 100644
index 00000000000..6a021d9ad03
--- /dev/null
+++ b/src/test/modules/unsafe_tests/expected/setconfig.out
@@ -0,0 +1,31 @@
+-- This is borderline unsafe in that an additional login-capable user exists
+-- during the test run.  Under installcheck, a too-permissive pg_hba.conf
+-- might allow unwanted logins as regress_authenticated_user_ssa.
+ALTER USER regress_authenticated_user_ssa superuser;
+CREATE ROLE regress_session_user;
+CREATE ROLE regress_current_user;
+GRANT regress_current_user TO regress_authenticated_user_sr;
+GRANT regress_session_user TO regress_authenticated_user_ssa;
+ALTER ROLE regress_authenticated_user_ssa
+	SET session_authorization = regress_session_user;
+ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
+\c - regress_authenticated_user_sr
+SELECT current_user, session_user;
+     current_user     |         session_user          
+----------------------+-------------------------------
+ regress_current_user | regress_authenticated_user_sr
+(1 row)
+
+-- The longstanding historical behavior is that session_authorization in
+-- setconfig has no effect.  Hence, session_user remains
+-- regress_authenticated_user_ssa.  See comment in InitializeSessionUserId().
+\c - regress_authenticated_user_ssa
+SELECT current_user, session_user;
+          current_user          |          session_user          
+--------------------------------+--------------------------------
+ regress_authenticated_user_ssa | regress_authenticated_user_ssa
+(1 row)
+
+RESET SESSION AUTHORIZATION;
+DROP USER regress_session_user;
+DROP USER regress_current_user;