Re: docs: set role permission checking, do I read this wrong?

2023-10-18 Thread David G. Johnston
On Wednesday, October 18, 2023, Daniel Westermann <
daniel.westerm...@dbi-services.com> wrote:
>
> Thank you, this is what I see in the small example. Maybe it is my
> English, but this sentence sounds confusing.
>

How would you document that behavior? The sentence is correct; that doesn’t
mean it can’t be improved.

David J.


Re: docs: set role permission checking, do I read this wrong?

2023-10-18 Thread Daniel Westermann

On 10/18/23 09:26, David G. Johnston wrote:
> On Wednesday, October 18, 2023, Daniel Westermann wrote:
>
> > "After |SET ROLE|, permissions checking for SQL commands is
> > carried out as though the named role were the one that had logged
> > in originally."
> >
> > Isn't it the other way around and permission checking is done as
> > "a", or do I read this wrong?
>
> It is saying “a” is the current_user:
>
> When you set role to (named role) a the system behaves as if (named
> role) a had logged in originally (even though, in that example,
> postgres is the role that originally logged in)
>
> David J.

Thank you, this is what I see in the small example. Maybe it is my 
English, but this sentence sounds confusing.


Regards
Daniel

Re: docs: set role permission checking, do I read this wrong?

2023-10-18 Thread David G. Johnston
On Wednesday, October 18, 2023, Daniel Westermann <
daniel.westerm...@dbi-services.com> wrote:

>
> "After |SET ROLE|, permissions checking for SQL commands is carried out as
> though the named role were the one that had logged in originally."
>
> Isn't it the other way around and permission checking is done as "a", or
> do I read this wrong?
>

It is saying “a” is the current_user:

When you set role to (named role) a the system behaves as if (named role) a
had logged in originally (even though, in that example, postgres is the
role that originally logged in)

David J.


docs: set role permission checking, do I read this wrong?

2023-10-18 Thread Daniel Westermann

Hi,

when reading the documentation about "set role" there is this:
https://www.postgresql.org/docs/16/sql-set-role.html

"After |SET ROLE|, permissions checking for SQL commands is carried out 
as though the named role were the one that had logged in originally."


Given this:

postgres=# select session_user, current_user;
 session_user | current_user
--------------+--------------
 postgres     | postgres
(1 row)

postgres=# set role a;
SET
postgres=> create table t(a int);
ERROR:  permission denied for schema public
LINE 1: create table t(a int);
                     ^

Isn't it the other way around and permission checking is done as "a", or 
do I read this wrong?


Best regards
Daniel
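
The behaviour discussed in this thread, as an added example that is not from either poster or from the PostgreSQL documentation: it follows session_user and current_user across SET ROLE and RESET ROLE and shows which of the two the permission check uses. It assumes PostgreSQL 15 or later, a scratch database, a superuser login as postgres, and that no role named a exists yet; the table name t_as_a is hypothetical.

```sql
-- Assumption: run in psql as superuser "postgres" in a scratch database.
-- The thread does not show how role "a" was created; a plain role is assumed.
CREATE ROLE a NOLOGIN;

-- Before SET ROLE both identities are the login role.
SELECT session_user, current_user;

-- Ask the catalog what "a" may do in schema public, without switching role.
-- On PostgreSQL 15+ a fresh role has no CREATE privilege there by default.
SELECT has_schema_privilege('a', 'public', 'CREATE') AS a_can_create;

SET ROLE a;

-- session_user still records who logged in (postgres);
-- current_user is now "a", and that is the identity privileges are checked against.
SELECT session_user, current_user;

-- Rejected with "permission denied for schema public": the superuser status of
-- the login role is not consulted while current_user is "a".
CREATE TABLE t_as_a (id int);

-- RESET ROLE returns current_user to the session user.
RESET ROLE;
SELECT session_user, current_user;

-- Grant the missing privilege to "a" and repeat the same statement as "a".
GRANT CREATE ON SCHEMA public TO a;
SET ROLE a;
CREATE TABLE t_as_a (id int);

-- Ownership follows current_user at creation time, not session_user.
SELECT tablename, tableowner
FROM pg_tables
WHERE schemaname = 'public' AND tablename = 't_as_a';

RESET ROLE;

-- Cleanup of everything this example created.
DROP TABLE t_as_a;
REVOKE CREATE ON SCHEMA public FROM a;
DROP ROLE a;
```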