2015-12-20 19:44 GMT+03:00 Pavel Stehule <pavel.stehule@xxxxxxxxx>:
-- 2015-12-20 17:30 GMT+01:00 Dmitry Igrishin <dmitigr@xxxxxxxxx>:Can be totally different if you use some connection pooler like pgpool or pgbouncer - these applications can reuse Postgres server sessions for more user sessions.BTW, AFAIK, it's not possible to change the session authentication information byusing SET SESSION AUTHORIZATION [1] if the current user is not a superuser.But it would be very nice to have a feature to change the session authorizationof current user even without superuser's privilege by supplying a password ofthe user specified in SET SESSION AUTHORIZATION. This feature allowsto use PostgreSQL's native privileges via connection pools -- i.e. withoutneeds to open a dedicated connection for authenticated user. Is it possibleto implement it?there is a workaround with security definer function and SET role TO ?
No there isn't. According to [2] "SET ROLE cannot be used within SECURITY
DEFINER function". Furthermore, SET ROLE doesn't affects the session_user's
function result which can be used by a logic.
// Dmitry.
