Re: sudo-like behavior

Tom Lane wrote:
> "Florian G. Pflug" <fgp@phlo.org> writes:
>
>>Why don't you just use "SET SESSION AUTHORIZATION somerole", and then scan
>>the to-be-executel sql scripts for any occurence of "reset session authorization",
>>and ignore the script it matches.
>
> What would probably be better is a way to do SET SESSION AUTHORIZATION
> and then abandon the underlying superuser privilege, thereby absolutely
> guaranteeing that the session can't do anything the selected userid
> shouldn't be able to do.  You'd have to start a new session for each
> cronjob, but that would be a Really Good Idea anyway, given the lack of
> any way to fully restore a session to default state.

My "solution" (or hack ;-) ) was meant to work with current versions of postgres..
Of course, a command like "set session authorization <user> final" or such would be
a better way - maybe something for 8.2? ;-))

mfg, Florian Pflug