Participants
Michael Fuhr
Michael Fuhr
Boris Migo
Boris Migo
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1Boris MigoBoris Migo
Mar 06, 2006
#2Michael FuhrMichael Fuhrto Boris Migo (#1)
Mar 07, 2006
#3Tom LaneTom Laneto Michael Fuhr (#2)
Mar 07, 2006
#4Michael FuhrMichael Fuhrto Tom Lane (#3)
Mar 07, 2006

is it possible to get current_user inside security definer function ?

Started by Boris Migoabout 20 years ago4 messagesgeneral
Jump to latest
#1Boris Migo
Boris Migo
migo@intrak.sk

Is there any way to get the name of the current user inside a plpgsql function that is defined with security definer?

I know that this question was discused earlier, and session_user should be the answer, but user's curren_user doesn't have to be the same as session_user before function call, because of 'set role'.

regards
justweasel

#2Michael Fuhr
Michael Fuhr
mike@fuhr.org
In reply to: Boris Migo (#1)
Re: is it possible to get current_user inside security definer function ?

On Mon, Mar 06, 2006 at 06:27:06PM +0100, Boris Migo wrote:

Is there any way to get the name of the current user inside a
plpgsql function that is defined with security definer?

I know that this question was discused earlier, and session_user
should be the answer, but user's curren_user doesn't have to be the
same as session_user before function call, because of 'set role'.

Is this what you're after? I don't know if there's another way.

\c test user1

CREATE FUNCTION whoami(OUT curr_user text, OUT sess_user text, OUT role_user text)
AS $$
BEGIN
curr_user := current_user;
sess_user := session_user;
role_user := current_setting('role');
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

\c test user2

SELECT current_user, session_user, current_setting('role');
current_user | session_user | current_setting
--------------+--------------+-----------------
user2 | user2 | none
(1 row)

SET ROLE user3;

SELECT current_user, session_user, current_setting('role');
current_user | session_user | current_setting
--------------+--------------+-----------------
user3 | user2 | user3
(1 row)

SELECT * FROM whoami();
curr_user | sess_user | role_user
-----------+-----------+-----------
user1 | user2 | user3
(1 row)

--
Michael Fuhr

#3Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Michael Fuhr (#2)
Re: is it possible to get current_user inside security definer function ?

Michael Fuhr <mike@fuhr.org> writes:

Is this what you're after? I don't know if there's another way.

role_user := current_setting('role');

We currently define the spec's CURRENT_ROLE as equivalent to
CURRENT_USER, but I wonder if it shouldn't do what Boris is after.

regards, tom lane

#4Michael Fuhr
Michael Fuhr
mike@fuhr.org
In reply to: Tom Lane (#3)
Re: is it possible to get current_user inside security definer function ?

On Tue, Mar 07, 2006 at 12:58:29AM -0500, Tom Lane wrote:

Michael Fuhr <mike@fuhr.org> writes:

Is this what you're after? I don't know if there's another way.

role_user := current_setting('role');

We currently define the spec's CURRENT_ROLE as equivalent to
CURRENT_USER, but I wonder if it shouldn't do what Boris is after.

I wondered why there wasn't a SOME_THING that showed that. Does
the spec say anything about it? I just did a quick search and
didn't see anything but I might easily have overlooked it.

--
Michael Fuhr

← Back to Topics