Re: Session Identifiers
| От | Dmitry Igrishin |
|---|---|
| Тема | Re: Session Identifiers |
| Дата | |
| Msg-id | CAAfz9KNQp8SsM44fjUVO_GDUx_Ou-K2uh0NtZm5Fr0s4aLga9Q@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Session Identifiers (Pavel Stehule <pavel.stehule@gmail.com>) |
| Ответы |
Re: Session Identifiers
|
| Список | pgsql-general |
2015-12-20 19:44 GMT+03:00 Pavel Stehule <pavel.stehule@gmail.com>:
-- 2015-12-20 17:30 GMT+01:00 Dmitry Igrishin <dmitigr@gmail.com>:Can be totally different if you use some connection pooler like pgpool or pgbouncer - these applications can reuse Postgres server sessions for more user sessions.BTW, AFAIK, it's not possible to change the session authentication information byusing SET SESSION AUTHORIZATION [1] if the current user is not a superuser.But it would be very nice to have a feature to change the session authorizationof current user even without superuser's privilege by supplying a password ofthe user specified in SET SESSION AUTHORIZATION. This feature allowsto use PostgreSQL's native privileges via connection pools -- i.e. withoutneeds to open a dedicated connection for authenticated user. Is it possibleto implement it?there is a workaround with security definer function and SET role TO ?
No there isn't. According to [2] "SET ROLE cannot be used within SECURITY
DEFINER function". Furthermore, SET ROLE doesn't affects the session_user's
function result which can be used by a logic.
// Dmitry.
В списке pgsql-general по дате отправления: