Обсуждение: docs: set role permission checking, do I read this wrong?
Hi, when reading the documentation about "set role" there is this: https://www.postgresql.org/docs/16/sql-set-role.html "After |SET ROLE|, permissions checking for SQL commands is carried out as though the named role were the one that had logged in originally." Given this: postgres=# select session_user, current_user; session_user | current_user --------------+-------------- postgres | postgres (1 row) postgres=# set role a; SET postgres=> create table t(a int); ERROR: permission denied for schema public LINE 1: create table t(a int); ^ Isn't it the other way around and permission checking is done as "a", or do I read this wrong? Best regards Daniel
On Wednesday, October 18, 2023, Daniel Westermann <daniel.westermann@dbi-services.com> wrote:
"After |SET ROLE|, permissions checking for SQL commands is carried out as though the named role were the one that had logged in originally."
Isn't it the other way around and permission checking is done as "a", or do I read this wrong?
It is saying “a” is the current_user:
When you set role to (named role) a the system behaves as if (named role) a had logged in originally (even though, in that example, postgres is the role that originally logged in)
David J.
On 10/18/23 09:26, David G. Johnston wrote:
Regards
Daniel
On Wednesday, October 18, 2023, Daniel Westermann <daniel.westermann@dbi-services.com> wrote:Thank you, this is what I see in the small example. Maybe it is my English, but this sentence sounds confusing.
"After |SET ROLE|, permissions checking for SQL commands is carried out as though the named role were the one that had logged in originally."
Isn't it the other way around and permission checking is done as "a", or do I read this wrong?It is saying “a” is the current_user:When you set role to (named role) a the system behaves as if (named role) a had logged in originally (even though, in that example, postgres is the role that originally logged in)David J.
Regards
Daniel
On Wednesday, October 18, 2023, Daniel Westermann <daniel.westermann@dbi-services.com> wrote:
Thank you, this is what I see in the small example. Maybe it is my English, but this sentence sounds confusing.
How would you document that behavior? The sentence is correct; that doesn’t mean it can’t be improved.
David J.