Re: Can db user change own password?

On 10/21/21 10:51, Tom Lane wrote:
> Toomas <toomas.kristin@gmail.com> writes:
>> 2) db=> select current_user, session_user;
>>   current_user | session_user
>> --------------+--------------
>>   db_owner      | db_user
>> (1 row)
> 
> Given that setup, I wonder which role you expected \password to change.
> 
> If we target the current_user, we can expect the command to succeed.
> I'm just wondering if people will find that surprising.
> Targeting the session_user might be less surprising (or not?)
> but as this example shows, it can fail.

Well from here:

https://www.postgresql.org/docs/current/sql-set-session-authorization.html

'The current user identifier is relevant for permission checking.'

To me current_user would be the less surprising choice.

> 
> One thing that would help, regardless of which definition we think
> is most appropriate, is to have \password explicitly say which role
> it's intending to set the password for:
> 
> db=> \password
> Enter new password for role "dbowner":
> Enter it again:

Yes, that would be helpful in untangling who you are actually pointing at.

> 
>             regards, tom lane
> 


-- 
Adrian Klaver
adrian.klaver@aklaver.com