NAME

SET SESSION AUTHORIZATION - 為當前會話設置會話用戶標識符和當前用戶標識符

SYNOPSIS

SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
RESET SESSION AUTHORIZATION

DESCRIPTION 描述

 這條命令把當前 SQL 會話環境里的會話用戶標識和當前用戶標識設置為 username。 這個用戶名可以寫成一個標識符或者一個字串文本。 使用這個命令，我們可以臨時變成一個非特權用戶，稍后再切換回超級用戶。

 會話用戶標識符一開始設置為（可能經過認證的）客戶端提供的用戶名。 當前用戶標識符通常等于會話用戶標識符， 但是可能在 "setuid" 的環境里或者類似的機制里臨時改變。 當前用戶標識符和權限檢查相關。

 只有在初始會話用戶（認證了的用戶）有超級用戶權限的時候，會話用戶標識符才能改變。 否則，只有在指定了被認證的用戶名的情況下，系統才接受該命令。

SESSION 和 LOCAL 修飾詞和普通 SET [set(7)] 命令里的作用相同。

DEFAULT 和 RESET 形式重置會話和當前用戶標識符為初始認證的用戶名。這些形式可以為任何用戶執行。  

EXAMPLES 例子

SELECT SESSION_USER, CURRENT_USER;

 session_user | current_user 
--------------+--------------
 peter        | peter

SET SESSION AUTHORIZATION 'paul';

SELECT SESSION_USER, CURRENT_USER;

 session_user | current_user 
--------------+--------------
 paul         | paul

COMPATIBILITY 兼容性

 SQL 標準允許一些其它的表達式出現在文本 username  的位置上，不過這個東西實際上并不重要。 PostgreSQL 允許標識符語法 （"username"），而 SQL 不允許。 SQL 不允許在一個事務的過程中用這條命令； PostgreSQL 沒有這個限制，因為沒有什么理由不允許這樣用。 標準中表示執行這條命令的權限要求是具體實現定義的。  

#p#

NAME

SET SESSION AUTHORIZATION - set the session user identifier and the current user identifier of the current session

SYNOPSIS

SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
RESET SESSION AUTHORIZATION

DESCRIPTION

This command sets the session user identifier and the current user identifier of the current SQL-session context to be username. The user name may be written as either an identifier or a string literal. Using this command, it is possible, for example, to temporarily become an unprivileged user and later switch back to become a superuser.

The session user identifier is initially set to be the (possibly authenticated) user name provided by the client. The current user identifier is normally equal to the session user identifier, but may change temporarily in the context of ``setuid'' functions and similar mechanisms. The current user identifier is relevant for permission checking.

The session user identifier may be changed only if the initial session user (the authenticated user) had the superuser privilege. Otherwise, the command is accepted only if it specifies the authenticated user name.

The SESSION and LOCAL modifiers act the same as for the regular SET [set(7)] command.

The DEFAULT and RESET forms reset the session and current user identifiers to be the originally authenticated user name. These forms may be executed by any user.  

EXAMPLES

SELECT SESSION_USER, CURRENT_USER;

 session_user | current_user 
--------------+--------------
 peter        | peter

SET SESSION AUTHORIZATION 'paul';

SELECT SESSION_USER, CURRENT_USER;

 session_user | current_user 
--------------+--------------
 paul         | paul

COMPATIBILITY

The SQL standard allows some other expressions to appear in place of the literal username which are not important in practice. PostgreSQL allows identifier syntax ("username"), which SQL does not. SQL does not allow this command during a transaction; PostgreSQL does not make this restriction because there is no reason to. The privileges necessary to execute this command are left implementation-defined by the standard.