On Wed, Oct 18, 2017 at 02:13:29PM -0700, David G. Johnston wrote: > > More useful than this, for me, would be a way to get the top-most user. > > That would be "session_user"?
It's not quite since there's a difference between SET SESSION AUTHORIZATION and SET SESSION ROLE.
But yes, it's what I'm using now.
True, though at that point the superuser who wants to cover their tracks could probably just edit your functions...
Really? Why? I mean, there's an implicit function invocation stack already. Reifying some bits of the function call stack is useful. I can't think of how this particular reification would be dangerous or set a bad precedent.
Nothing concrete...
Hmmm, oh, I forgot about GET DIAGNOSTICS! The stack is already exposed to SQL. Maybe we could add a CURRENT_USER item to GET STACKED DIAGNOSTICS or to the PG_CONTEXT.
Ideally if implementing what you describe we'd want it accessible from any procedural language, not just pl/pgsql.
Also, GET STACKED DIAGNOSTICS is documented as being exposed only within an exception handler.
> If I was in position to dive deeper I wouldn't foreclose on the stack idea > but I'd be inclined to see if something else could be made to work with > reasonable effort.
I would think that the more general approach, if easy enough to implement, would be better. I can (and will) live with using session_user instead of current_user, for now. But I'm willing to contribute a patch