Re: SYSTEM_USER reserved word implementation

On 6/22/22 12:28, Tom Lane wrote:
> Joe Conway <mail@joeconway.com> writes:
>> On 6/22/22 11:52, Tom Lane wrote:
>>> I think a case could be made for ONLY returning non-null when authn_id
>>> represents some externally-verified identifier (OS user ID gotten via
>>> peer identification, Kerberos principal, etc).
> 
>> But -1 on that.
> 
>> I think any time we have a non-null authn_id we should expose it. Are 
>> there examples of cases when we have authn_id but for some reason don't 
>> trust the value of it?
> 
> I'm more concerned about whether we have a consistent story about what
> SYSTEM_USER means (another way of saying "what type is it").  If it's
> just the same as SESSION_USER it doesn't seem like we've added much.
> 
> Maybe, instead of just being the raw user identifier, it should be
> something like "auth_method:user_identifier" so that one can tell
> what the identifier actually is and how it was verified.

Oh, that's an interesting thought -- I like that.

-- 
Joe Conway
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com