Tom Lane wrote:
"Florian G. Pflug" <fgp@xxxxxxxx> writes:
Why don't you just use "SET SESSION AUTHORIZATION somerole", and then scan
the to-be-executel sql scripts for any occurence of "reset session authorization",
and ignore the script it matches.
What would probably be better is a way to do SET SESSION AUTHORIZATION
and then abandon the underlying superuser privilege, thereby absolutely
guaranteeing that the session can't do anything the selected userid
shouldn't be able to do. You'd have to start a new session for each
cronjob, but that would be a Really Good Idea anyway, given the lack of
any way to fully restore a session to default state.
My "solution" (or hack ;-) ) was meant to work with current versions of postgres..
Of course, a command like "set session authorization <user> final" or such would be
a better way - maybe something for 8.2? ;-))
mfg, Florian Pflug
