As a side note, I've recently caught myself thinking "it would be cool to have session variables here". The use case was preparing a policy for RLS, based on some session-level data set by an application. This session-level data is of a composite data type, so simple current_setting is cumbersome to use, and a temporary table will be dropped at the end, taking the policy with it due to the recorded dependency between them. Thus a session variable of some composite type sounds like a good fit.
yes, RLS support is one mentioned use case, and strong reason the access rights are implemented there.
