From 1c1c58c76cc53b56da24d0d87365acfdd84e325d Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter_e@gmx.net>
Date: Tue, 8 May 2001 21:06:43 +0000
Subject: Add SET SESSION AUTHORIZATION command.

---
 doc/src/sgml/ref/allfiles.sgml         |   3 +-
 doc/src/sgml/ref/set_session_auth.sgml | 103 +++++++++++++++++++++++++++++++++
 doc/src/sgml/reference.sgml            |   4 +-
 3 files changed, 107 insertions(+), 3 deletions(-)
 create mode 100644 doc/src/sgml/ref/set_session_auth.sgml

(limited to 'doc/src')

diff --git a/doc/src/sgml/ref/allfiles.sgml b/doc/src/sgml/ref/allfiles.sgml
index e53bfc74529..aea2171cdfc 100644
--- a/doc/src/sgml/ref/allfiles.sgml
+++ b/doc/src/sgml/ref/allfiles.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.29 2001/05/08 19:28:01 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.30 2001/05/08 21:06:42 petere Exp $
 Postgres documentation
 Complete list of usable sgml source files in this directory.
 -->
@@ -98,6 +98,7 @@ Complete list of usable sgml source files in this directory.
 <!entity selectInto         system "select_into.sgml">
 <!entity set                system "set.sgml">
 <!entity setConstraints     system "set_constraints.sgml">
+<!entity setSessionAuth     system "set_session_auth.sgml">
 <!entity setTransaction     system "set_transaction.sgml">
 <!entity show               system "show.sgml">
 <!entity truncate           system "truncate.sgml">
diff --git a/doc/src/sgml/ref/set_session_auth.sgml b/doc/src/sgml/ref/set_session_auth.sgml
new file mode 100644
index 00000000000..ba3ec6fb542
--- /dev/null
+++ b/doc/src/sgml/ref/set_session_auth.sgml
@@ -0,0 +1,103 @@
+<!-- $Header: /cvsroot/pgsql/doc/src/sgml/ref/set_session_auth.sgml,v 1.1 2001/05/08 21:06:42 petere Exp $ -->
+<refentry id="SQL-SET-SESSION-AUTHORIZATION">
+ <docinfo>
+  <date>2001-04-21</date>
+ </docinfo>
+
+ <refmeta>
+  <refentrytitle>SET SESSION AUTHORIZATION</refentrytitle>
+  <refmiscinfo>SQL - Language Statements</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+  <refname>SET SESSION AUTHORIZATION</refname>
+  <refpurpose>Set the session user identifier and the current user identifier
+         of the current SQL-session context</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+<synopsis>
+SET SESSION AUTHORIZATION '<parameter>username</parameter>'
+</synopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+  <title>Description</title>
+
+  <para>
+   This command sets the session user identifier and the current user
+   identifer of the current SQL-session context to be
+   <parameter>username</parameter>.
+  </para>
+
+  <para>
+   The session user identifier is initially set to be the (possibly
+   authenticated) user name provided by the client.  The current user
+   identifier is normally equal to the session user identifier, but
+   may change temporarily in the context of <quote>setuid</quote>
+   functions and similar mechanisms.  The current user identifer is
+   relevant for permission checking.
+  </para>
+
+  <para>
+   Execution of this command is only permitted if the initial session
+   user (the <firstterm>authenticated user</firstterm>) had the
+   superuser privilege.  This permission is kept for the duration of a
+   connection; for example, it is possible to temporarily become an
+   unprivileged user and later switch back to become a superuser.
+  </para>
+ </refsect1>
+
+ <refsect1>
+  <title>Examples</title>
+
+<screen>
+<userinput>SELECT SESSION_USER, CURRENT_USER;</userinput>
+ current_user | session_user
+--------------+--------------
+ peter        | peter
+
+<userinput>SET SESSION AUTHORIZATION 'paul';</userinput>
+
+<userinput>SELECT SESSION_USER, CURRENT_USER;</userinput>
+ current_user | session_user
+--------------+--------------
+ paul         | paul
+</screen>
+ </refsect1>
+
+ <refsect1>
+  <title>Compatibility</title>
+
+  <simpara>SQL99</simpara>
+
+  <para>
+   SQL99 allows some other expressions to appear in place of the
+   literal <parameter>username</parameter> which are not important in
+   practice.  <application>PostgreSQL</application> allows identifier
+   syntax (<literal>"username"</literal>), which SQL does not.  SQL
+   does not allow this command during a transaction;
+   <application>PostgreSQL</application> does not make
+   this restriction because there is no reason to.  The
+   privileges necessary to execute this command are left
+   implementation-defined by the standard.
+  </para>
+ </refsect1>
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode:sgml
+sgml-omittag:nil
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+sgml-parent-document:nil
+sgml-default-dtd-file:"../reference.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:("/usr/lib/sgml/catalog")
+sgml-local-ecat-files:nil
+End:
+-->
diff --git a/doc/src/sgml/reference.sgml b/doc/src/sgml/reference.sgml
index 9a977a6515c..57dcc7ed280 100644
--- a/doc/src/sgml/reference.sgml
+++ b/doc/src/sgml/reference.sgml
@@ -1,5 +1,5 @@
 <!-- reference.sgml
-$Header: /cvsroot/pgsql/doc/src/sgml/reference.sgml,v 1.16 2001/05/07 00:43:14 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/reference.sgml,v 1.17 2001/05/08 21:06:42 petere Exp $
 
 PostgreSQL Reference Manual
 -->
@@ -84,6 +84,7 @@ PostgreSQL Reference Manual
    &selectInto;
    &set;
    &setConstraints;
+   &setSessionAuth;
    &setTransaction;
    &show;
    &truncate;
@@ -131,7 +132,6 @@ Disable this chapter until we have more functions documented.
    &dropuser;
    &ecpgRef;
    &pgAccess;
-   &pgAdmin;
    &pgConfig;
    &pgDump;
    &pgDumpall;
-- 
cgit v1.2.3