Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1vNZGl-006m8k-0u
	for pgsql-general@arkaria.postgresql.org;
	Mon, 24 Nov 2025 16:18:27 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1vNZGj-001nfF-2u
	for pgsql-general@arkaria.postgresql.org;
	Mon, 24 Nov 2025 16:18:26 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1vNZGj-001nex-1q
	for pgsql-general@lists.postgresql.org;
	Mon, 24 Nov 2025 16:18:25 +0000
Received: from sss.pgh.pa.us ([68.162.161.243])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1vNZGh-001ENm-18
	for pgsql-general@lists.postgresql.org;
	Mon, 24 Nov 2025 16:18:25 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 5AOGILRo955751;
	Mon, 24 Nov 2025 11:18:21 -0500
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Laurenz Albe <laurenz.albe@cybertec.at>
cc: Calvin Guo <newoakllc2023@gmail.com>, pgsql-general@lists.postgresql.org
Subject: Re: set role command
In-reply-to: <464edf94a18cf09a49e275d9e9d723949d7682d3.camel@cybertec.at>
References: <CA+bysH_or91tt7r0gKLJtw5Wp+DEYwnaRJoTvLfKO33dcdQ_rQ@mail.gmail.com> <464edf94a18cf09a49e275d9e9d723949d7682d3.camel@cybertec.at>
Comments: In-reply-to Laurenz Albe <laurenz.albe@cybertec.at>
	message dated "Mon, 24 Nov 2025 13:57:49 +0100"
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <955749.1764001100.1@sss.pgh.pa.us>
Content-Transfer-Encoding: quoted-printable
Date: Mon, 24 Nov 2025 11:18:20 -0500
Message-ID: <955750.1764001100@sss.pgh.pa.us>
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/955750.1764001100%40sss.pgh.pa.us>
Precedence: bulk

Laurenz Albe <laurenz.albe@cybertec.at> writes:
> On Mon, 2025-11-24 at 16:15 +0800, Calvin Guo wrote:
>> I really feel, once you "set role usera", you should behave like usera,=
 you should
>> NOT have the power say: hi, I can assume my super user power whenever I=
 want.
>> As this make the "set role usera" pretty much useless.

> I respect your feelings, but that is not how SET ROLE works.
> The current behavior is intentional and documented in
> https://www.postgresql.org/docs/current/sql-set-role.html

And it's also required by the SQL standard, which is very clear
that "user identifier" and "role" are different things, and
SET ROLE only changes the latter.

> There is SET SESSION AUTHORIZATION, which acts somewhet more like you wa=
nt,
> except that you can become a superuser again with RESET SESSION AUTHORIZ=
ATION.

In the standard, the privileges required to do SET SESSION
AUTHORIZATION are "implementation defined", which means we could
change how it works without breaking standards conformance.
We'd still be breaking backwards compatibility, though --- for
instance, pg_dump dumps made with --use-set-session-authorization
would stop working.  I think that a proposal to change this has
very little chance of succeeding.

The best way to lock things down is to start a new session under
the restricted user name.

			regards, tom lane