Home > mailing lists

Re: Real/effective user - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Real/effective user
Date	April 18, 2001 18:44:51
Msg-id	Pine.LNX.4.30.0104182119290.762-100000@peter.localdomain Whole thread Raw
In response to	Re: Real/effective user (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	SET SESSION AUTHORIZATION (was Re: Real/effective user) (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-hackers

Tree view

Tom Lane writes:

> 1. "real user" = what you originally authenticated to the postmaster.
>
> 2. "session user" = what you can SET if your real identity is a superuser.
>
> 3. "current user" = effective userid for permission checks.

We could have a Boolean variable "authenticated user is superuser" which
would serve as the permission to execute SET SESSION AUTHENTICATION, while
we would not actually be making the identity of the real/authenticated
user available (so as to not confuse things unnecessarily).

> if a setuid function
> does a CREATE, shouldn't the created object be owned by the setuid user?
> I'm not sure that I *want* to accept the SQL spec on this point.

Me neither.

-- 
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter

pgsql-hackers by date:

From: Bruce Momjian
Date: 18 April 2001, 18:44:42
Subject: Re: AW: timeout on lock feature

From: Bruce Momjian
Date: 18 April 2001, 19:09:49
Subject: Re: Modified driver to better handle NULL values...y

Re: Real/effective user - Mailing list pgsql-hackers

Previous

Next