Thread: docs: set role permission checking, do I read this wrong?


docs: set role permission checking, do I read this wrong?

From
Daniel Westermann
Date:
Hi,

when reading the documentation about "set role" there is this:
https://www.postgresql.org/docs/16/sql-set-role.html

"After |SET ROLE|, permissions checking for SQL commands is carried out 
as though the named role were the one that had logged in originally."

Given this:

postgres=# select session_user, current_user;
  session_user | current_user
--------------+--------------
  postgres     | postgres
(1 row)

postgres=# set role a;
SET
postgres=> create table t(a int);
ERROR:  permission denied for schema public
LINE 1: create table t(a int);
                      ^
Isn't it the other way around and permission checking is done as "a", or 
do I read this wrong?

Best regards
Daniel



Re: docs: set role permission checking, do I read this wrong?

From
"David G. Johnston"
Date:
On Wednesday, October 18, 2023, Daniel Westermann <daniel.westermann@dbi-services.com> wrote:

> "After |SET ROLE|, permissions checking for SQL commands is carried out as though the named role were the one that had logged in originally."
>
> Isn't it the other way around and permission checking is done as "a", or do I read this wrong?

It is saying “a” is the current_user:

When you set role to (named role) a the system behaves as if (named role) a had logged in originally (even though, in that example, postgres is the role that originally logged in)

David J.
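
The behavior discussed above, as an added psql example that is not part of the original thread. It assumes PostgreSQL 15 or later with the default privileges on schema public, a scratch database, a superuser session, and an existing role a that has not been granted CREATE on the schema; the table name t is taken from the original post.

```sql
-- Added illustration, not from the thread. Run in psql as a superuser
-- in a scratch database where role "a" already exists (assumption).

-- session_user is the role that authenticated; current_user is the role
-- whose privileges are used for permission checks.
SELECT session_user, current_user;

-- Ask the catalog directly whether "a" may create objects in public.
SELECT has_schema_privilege('a', 'public', 'CREATE') AS a_can_create;

SET ROLE a;

-- session_user is unchanged; current_user is now the named role.
SELECT session_user, current_user;

-- Checked against the privileges of "a", exactly as if "a" had logged in.
-- Without CREATE on the schema this raises the "permission denied for
-- schema public" error shown in the original post.
CREATE TABLE t(a int);

-- SET ROLE does not lock the session in: the session user can return to
-- its own privileges at any time, so SET ROLE alone is not a sandbox for
-- untrusted SQL.
RESET ROLE;
SELECT session_user, current_user;

-- Grant the missing privilege and repeat the same statement as "a".
GRANT CREATE ON SCHEMA public TO a;
SET ROLE a;
CREATE TABLE t(a int);

-- The new table is owned by current_user at creation time, not by the
-- role that originally logged in.
SELECT schemaname, tablename, tableowner
FROM pg_tables
WHERE schemaname = 'public' AND tablename = 't';

-- Clean up the scratch objects and the grant.
RESET ROLE;
DROP TABLE t;
REVOKE CREATE ON SCHEMA public FROM a;
```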

Re: docs: set role permission checking, do I read this wrong?

From
Daniel Westermann
Date:
On 10/18/23 09:26, David G. Johnston wrote:
> On Wednesday, October 18, 2023, Daniel Westermann <daniel.westermann@dbi-services.com> wrote:
>
>> "After |SET ROLE|, permissions checking for SQL commands is carried out as though the named role were the one that had logged in originally."
>>
>> Isn't it the other way around and permission checking is done as "a", or do I read this wrong?
>
> It is saying “a” is the current_user:
>
> When you set role to (named role) a the system behaves as if (named role) a had logged in originally (even though, in that example, postgres is the role that originally logged in)
>
> David J.

Thank you, this is what I see in the small example. Maybe it is my English, but this sentence sounds confusing.

Regards
Daniel

Re: docs: set role permission checking, do I read this wrong?

From
"David G. Johnston"
Date:


On Wednesday, October 18, 2023, Daniel Westermann <daniel.westermann@dbi-services.com> wrote:
> Thank you, this is what I see in the small example. Maybe it is my English, but this sentence sounds confusing.

How would you document that behavior? The sentence is correct; that doesn’t mean it can’t be improved.

David J.