Tom Lane wrote
>> I have a question about preventing SET ROLE from being reset within a session.
>
> You can't; per SQL standard, SET ROLE NONE is supposed to do exactly that.
>
> I think you might be able to do something with invoking untrusted code
> inside a SECURITY DEFINER function. That context disables both SET ROLE
> and SET SESSION AUTHORIZATION. I would not want to bet a lot on that
> being bulletproof, however.
Me neither. But out of interest, do you know what the intent was for the SESSION and LOCAL modifiers for SET ROLE?
Both seem to do nothing more than regular SET ROLE, but are PostgreSQL extensions.
