Hi, On 2022-03-01 08:35:27 -0500, Stephen Frost wrote: > I'm not really sure why we're arguing about this, but clearly the authn > ID of the leader process is what should be used because that's the > authentication under which the parallel worker is running, just as much > as the effective role is the authorization. Having this be available in > worker processes would certainly be good as it would allow more query > plans to be considered when these functions are used. At this time, I > don't think that outweighs the complications around having it and I'm > not suggesting that Jacob needs to go do that, but surely it would be > better.
I don't think we should commit this without synchronizing the authn between worker / leader (in a separate commit). Too likely that some function that's marked parallel ok queries the authn_id, opening up a security/monitoring hole or such because of a bogus return value. Greetings, Andres Freund