diff options
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/ref/set_role.sgml | 9 | ||||
| -rw-r--r-- | doc/src/sgml/ref/set_session_auth.sgml | 15 | ||||
| -rw-r--r-- | doc/src/sgml/ref/show.sgml | 5 |
3 files changed, 21 insertions, 8 deletions
diff --git a/doc/src/sgml/ref/set_role.sgml b/doc/src/sgml/ref/set_role.sgml index d58943fbefe..5b8e1fdfd2c 100644 --- a/doc/src/sgml/ref/set_role.sgml +++ b/doc/src/sgml/ref/set_role.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/ref/set_role.sgml,v 1.4 2007/01/31 23:26:04 momjian Exp $ +$PostgreSQL: pgsql/doc/src/sgml/ref/set_role.sgml,v 1.5 2008/01/03 21:23:15 tgl Exp $ PostgreSQL documentation --> @@ -31,7 +31,7 @@ RESET ROLE <para> This command sets the current user - identifier of the current SQL-session context to be <replaceable + identifier of the current SQL session to be <replaceable class="parameter">rolename</replaceable>. The role name can be written as either an identifier or a string literal. After <command>SET ROLE</>, permissions checking for SQL commands @@ -89,6 +89,11 @@ RESET ROLE roles with <command>SET ROLE</> does not change the set of roles allowed to a later <command>SET ROLE</>. </para> + + <para> + <command>SET ROLE</> cannot be used within a + <literal>SECURITY DEFINER</> function. + </para> </refsect1> <refsect1> diff --git a/doc/src/sgml/ref/set_session_auth.sgml b/doc/src/sgml/ref/set_session_auth.sgml index 315aec14e7c..f21c58f98ea 100644 --- a/doc/src/sgml/ref/set_session_auth.sgml +++ b/doc/src/sgml/ref/set_session_auth.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/ref/set_session_auth.sgml,v 1.16 2007/01/31 23:26:04 momjian Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/ref/set_session_auth.sgml,v 1.17 2008/01/03 21:23:15 tgl Exp $ --> <refentry id="SQL-SET-SESSION-AUTHORIZATION"> <refmeta> <refentrytitle id="sql-set-session-authorization-title">SET SESSION AUTHORIZATION</refentrytitle> @@ -27,7 +27,7 @@ RESET SESSION AUTHORIZATION <para> This command sets the session user identifier and the current user - identifier of the current SQL-session context to be <replaceable + identifier of the current SQL session to be <replaceable class="parameter">username</replaceable>. The user name can be written as either an identifier or a string literal. Using this command, it is possible, for example, to temporarily become an @@ -38,7 +38,7 @@ RESET SESSION AUTHORIZATION The session user identifier is initially set to be the (possibly authenticated) user name provided by the client. The current user identifier is normally equal to the session user identifier, but - might change temporarily in the context of <quote>setuid</quote> + might change temporarily in the context of <literal>SECURITY DEFINER</> functions and similar mechanisms; it can also be changed by <xref linkend="sql-set-role" endterm="sql-set-role-title">. The current user identifier is relevant for permission checking. @@ -65,6 +65,15 @@ RESET SESSION AUTHORIZATION </refsect1> <refsect1> + <title>Notes</title> + + <para> + <command>SET SESSION AUTHORIZATION</> cannot be used within a + <literal>SECURITY DEFINER</> function. + </para> + </refsect1> + + <refsect1> <title>Examples</title> <programlisting> diff --git a/doc/src/sgml/ref/show.sgml b/doc/src/sgml/ref/show.sgml index 14ddd6744f8..ebd1acee35a 100644 --- a/doc/src/sgml/ref/show.sgml +++ b/doc/src/sgml/ref/show.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/ref/show.sgml,v 1.44 2007/09/26 22:36:30 tgl Exp $ +$PostgreSQL: pgsql/doc/src/sgml/ref/show.sgml,v 1.45 2008/01/03 21:23:15 tgl Exp $ PostgreSQL documentation --> @@ -104,8 +104,7 @@ SHOW ALL <term><literal>IS_SUPERUSER</literal></term> <listitem> <para> - True if the current session authorization identifier has - superuser privileges. + True if the current role has superuser privileges. </para> </listitem> </varlistentry> |