Postgresql 中文操作指南

SET SESSION AUTHORIZATION

SET SESSION AUTHORIZATION — 设置会话用户标识符和当前会话的当前用户标识符

SET SESSION AUTHORIZATION — set the session user identifier and the current user identifier of the current session

Synopsis

SET [ SESSION | LOCAL ] SESSION AUTHORIZATION user_name
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
RESET SESSION AUTHORIZATION

Description

此命令将当前 SQL 会话的会话用户标识符和当前用户标识符设置为 user_name 。用户名可以写成标识符或字符串字面量。使用此命令，例如，可以暂时成为一个非特权用户，然后再切换回超级用户。

This command sets the session user identifier and the current user identifier of the current SQL session to be user_name. The user name can be written as either an identifier or a string literal. Using this command, it is possible, for example, to temporarily become an unprivileged user and later switch back to being a superuser.

会话用户标识符最初设置为客户端提供的（可能已经过身份验证的）用户名。当前用户标识符通常等于会话用户标识符，但在 SECURITY DEFINER 函数和类似机制的上下文中可能会暂时更改；也可以由 SET ROLE 更改。当前用户标识符与权限检查相关。

The session user identifier is initially set to be the (possibly authenticated) user name provided by the client. The current user identifier is normally equal to the session user identifier, but might change temporarily in the context of SECURITY DEFINER functions and similar mechanisms; it can also be changed by SET ROLE. The current user identifier is relevant for permission checking.

只有当初始会话用户（ authenticated user ）具有超级用户权限时，才能更改会话用户标识符。否则，只有在命令指定已过身份验证的用户名时才会接受该命令。

The session user identifier can be changed only if the initial session user (the authenticated user) had the superuser privilege. Otherwise, the command is accepted only if it specifies the authenticated user name.

SESSION 和 LOCAL 修饰符的作用与常规 SET 命令的作用相同。

The SESSION and LOCAL modifiers act the same as for the regular SET command.

DEFAULT 和 RESET 形式将会话和当前用户标识符重置为原始经过身份验证的用户名。这些形式可以由任何用户执行。

The DEFAULT and RESET forms reset the session and current user identifiers to be the originally authenticated user name. These forms can be executed by any user.

Notes

SET SESSION AUTHORIZATION 不能在 SECURITY DEFINER 函数中使用。

SET SESSION AUTHORIZATION cannot be used within a SECURITY DEFINER function.

Examples

SELECT SESSION_USER, CURRENT_USER;

 session_user | current_user
--------------+--------------
 peter        | peter

SET SESSION AUTHORIZATION 'paul';

SELECT SESSION_USER, CURRENT_USER;

 session_user | current_user
--------------+--------------
 paul         | paul

Compatibility

SQL 标准允许其他一些表达式出现在字面量 user_name 的位置，但这些选项在实践中并不重要。PostgreSQL 允许标识符语法（ "_username " ), which SQL does not. SQL does not allow this command during a transaction; PostgreSQL does not make this restriction because there is no reason to. The _SESSION 和 LOCAL 修饰符是 PostgreSQL 扩展， RESET 语法也是如此。

The SQL standard allows some other expressions to appear in place of the literal user_name, but these options are not important in practice. PostgreSQL allows identifier syntax ("_username"), which SQL does not. SQL does not allow this command during a transaction; PostgreSQL does not make this restriction because there is no reason to. The _SESSION and LOCAL modifiers are a PostgreSQL extension, as is the RESET syntax.

执行此命令所需的权限由标准定义为特定于实现的。

The privileges necessary to execute this command are left implementation-defined by the standard.