On Fri, 2021-01-29 at 17:30 -0500, Tom Lane wrote:
> What happens if ALTER USER RENAME is done while the session is still
> alive?

IMO the authenticated identity should be write-once. Especially since one of my goals is to have greater auditability into events as they've actually happened. So ALTER USER RENAME should have no effect.

This also doesn't really affect third-party auth methods. If I'm bound as pchamp...@example.com and a superuser changes my username to tlane, you _definitely_ don't want to see my authenticated identity change to tl...@example.com. That's not who I am.

So the potential confusion would come into play with first-party authn. From an audit perspective, I think it's worth it. I did authenticate as pchampion, not tlane.

> More generally, exposing this in log_line_prefix seems like an awfully
> narrow-minded view of what people will want it for. I'd personally
> think pg_stat_activity a better place to look, for example.
> [...]
> Yeah, this seems like about the most expensive way that we could possibly
> choose to make the info available.

I'm happy as long as it's _somewhere_. :D It's relatively easy to expose a single location through multiple avenues, but currently there is no single location.

--Jacob