Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1vNcDU-008clM-1L
	for pgsql-general@arkaria.postgresql.org;
	Mon, 24 Nov 2025 19:27:16 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1vNcDS-003UQU-2q
	for pgsql-general@arkaria.postgresql.org;
	Mon, 24 Nov 2025 19:27:15 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <nico@cryptonector.com>)
	id 1vNcDS-003UQM-16
	for pgsql-general@lists.postgresql.org;
	Mon, 24 Nov 2025 19:27:14 +0000
Received: from silver.cherry.relay.mailchannels.net ([23.83.223.166])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <nico@cryptonector.com>)
	id 1vNcDP-001HZs-14
	for pgsql-general@lists.postgresql.org;
	Mon, 24 Nov 2025 19:27:13 +0000
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1])
	by relay.mailchannels.net (Postfix) with ESMTP id 50AC4802FE1;
	Mon, 24 Nov 2025 19:27:08 +0000 (UTC)
Received: from pdx1-sub0-mail-a254.dreamhost.com (trex-green-5.trex.outbound.svc.cluster.local [100.97.207.191])
	(Authenticated sender: dreamhost)
	by relay.mailchannels.net (Postfix) with ESMTPA id CFE4B8027F7;
	Mon, 24 Nov 2025 19:27:07 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none;
	t=1764012427;
	b=+HoZpbt4lk1Tpnr+GpCZZTHoew5mPj7NOVEsJhr9QNQCraceS466itBpdrV2aW6B+fCJne
	KO6y0n5A11iwPzHU8sabs2Vskc1HKAKdUQ2vgWTcNLWWqP0vjwY7bgtWP+2HiCe+L7xRzx
	FszX5aPWC0LJLplmyMpXjbIQAss8m7NmpDN+EwU92K7ZjT8xBD9ICtDpBfhzVSZEY/DfyH
	UuLuXeo4sbyE3A4i7lgm+PzUVECzyhFZZmL0evIKjpH7VXGYu+gybj6YldOQt8lC3aX4kQ
	cbWlASzfM6r7Fz2QIbwDOSBImfdjNRns1KRqUo32B/qkB1YgZelRJgcuDkA1PA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net;
	s=arc-2022; t=1764012427;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=e3izCFV27PjrQKw+RsrOC5654f/DVsQiZGD/E75ZMOY=;
	b=DX9oWebo1jdE56AKXgV2dkc5gF3uwBk+gi6G3IKiJkxWOiXohR5/2eVGsA+pnFrQ7e/1r6
	uvP8NYUwljRKbJWQxUo9NmNcFKZ7Q6nBZkVuWldJ21mXvcRTmt7p191m9ChkDLlOSh0rbf
	oc2ZOoNCFK5T0ejbI6eyzmrstKptD6aONudH4Jf0IhV8uiFjMOBWr8udIbDe4wh3QkKqVr
	obHz5JWNOQuqm5DhJs/iKgrjNfy0kL5IUJhzrAN9pd3VhtwWIEoUtcoWbITrjgUZzCcgpZ
	hXSGMQJEN6UagpbYzOyzNKuz1JadWknUWOn2KAUSmyixKgc5REXPGsNIsUczzw==
ARC-Authentication-Results: i=1;
	rspamd-66df965b87-z7v4w;
	auth=pass smtp.auth=dreamhost smtp.mailfrom=nico@cryptonector.com
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Invention-Attack: 0ce218e1297f2b01_1764012428090_3944221402
X-MC-Loop-Signature: 1764012428090:2442969142
X-MC-Ingress-Time: 1764012428090
Received: from pdx1-sub0-mail-a254.dreamhost.com (pop.dreamhost.com
 [64.90.62.162])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
	by 100.97.207.191 (trex/7.1.3);
	Mon, 24 Nov 2025 19:27:08 +0000
Received: from ubby (unknown [75.81.95.64])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	(Authenticated sender: nico@cryptonector.com)
	by pdx1-sub0-mail-a254.dreamhost.com (Postfix) with ESMTPSA id 4dFbRv05dHz107F;
	Mon, 24 Nov 2025 11:27:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptonector.com;
	s=dreamhost; t=1764012427;
	bh=e3izCFV27PjrQKw+RsrOC5654f/DVsQiZGD/E75ZMOY=;
	h=Date:From:To:Cc:Subject:Content-Type;
	b=YRfYeZnvASH4o1wQkw149yY8KbKYtrc3ZuNOlsmmxjaW74DJZ1LA/1UzeEwHv41WT
	 LazQZZMc4QdQ1AJ8ok5jmBOEtWltiIQy3bHMJP/G2d6tOwZ0iuwG6k2dWAgcOuDcKV
	 pQpLajFkS840Eq2xtCqsgBh112+adJiQbWfhx/czqq2xyLQrDLXVwDqytUxxGnkWau
	 anqHN0oeUv7ux/O683vov0lMXcG3FisoAM5x4Q5hFPL53v4wQhWOP/Q6DteR70vR2G
	 Hv3B35Re0jL22GYYSJHLLSu0krfzrfr/8rMiDRoOEIqJY20T4lvVgqKbC+wf1D/tFA
	 Hf7LXY9EUbagA==
Date: Mon, 24 Nov 2025 13:27:04 -0600
From: Nico Williams <nico@cryptonector.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Laurenz Albe <laurenz.albe@cybertec.at>,
	Calvin Guo <newoakllc2023@gmail.com>,
	pgsql-general@lists.postgresql.org
Subject: Re: set role command
Message-ID: <aSSxiCArsuPkf/I5@ubby>
References: <CA+bysH_or91tt7r0gKLJtw5Wp+DEYwnaRJoTvLfKO33dcdQ_rQ@mail.gmail.com>
 <464edf94a18cf09a49e275d9e9d723949d7682d3.camel@cybertec.at>
 <955750.1764001100@sss.pgh.pa.us>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <955750.1764001100@sss.pgh.pa.us>
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/aSSxiCArsuPkf/I5%40ubby>
Precedence: bulk

On Mon, Nov 24, 2025 at 11:18:20AM -0500, Tom Lane wrote:
> Laurenz Albe <laurenz.albe@cybertec.at> writes:
> > On Mon, 2025-11-24 at 16:15 +0800, Calvin Guo wrote:
> >> I really feel, once you "set role usera", you should behave like usera, you should
> >> NOT have the power say: hi, I can assume my super user power whenever I want.
> >> As this make the "set role usera" pretty much useless.
> 
> > I respect your feelings, but that is not how SET ROLE works.
> > The current behavior is intentional and documented in
> > https://www.postgresql.org/docs/current/sql-set-role.html
> 
> And it's also required by the SQL standard, which is very clear
> that "user identifier" and "role" are different things, and
> SET ROLE only changes the latter.
> 
> > There is SET SESSION AUTHORIZATION, which acts somewhet more like you want,
> > except that you can become a superuser again with RESET SESSION AUTHORIZATION.
> 
> In the standard, the privileges required to do SET SESSION
> AUTHORIZATION are "implementation defined", which means we could
> change how it works without breaking standards conformance.
> We'd still be breaking backwards compatibility, though --- for
> instance, pg_dump dumps made with --use-set-session-authorization
> would stop working.  I think that a proposal to change this has
> very little chance of succeeding.

Can we have an extension to say PERMANENTLY?

This is the SQL equivalent of `setreuid()`, essentially.  Except that
unix has a way to do it permanently.  It's a _very_ useful thing to
have.

Nico
--