Participants
George Nychis
George Nychis
David Legault
David Legault
A. Kretschmer
A. Kretschmer
Attachments
Show all attachments
Thread Outline
#1George NychisGeorge Nychis
Mar 01, 2007
#2A. KretschmerA. Kretschmerto George Nychis (#1)
Mar 01, 2007
#3George NychisGeorge Nychisto A. Kretschmer (#2)
Mar 01, 2007
#4David LegaultDavid Legaultto George Nychis (#3)
Mar 01, 2007
#5George NychisGeorge Nychisto David Legault (#4)
Mar 01, 2007
#6David LegaultDavid Legaultto George Nychis (#5)
Mar 01, 2007

get username of user calling function?

Started by George Nychisabout 19 years ago6 messagesgeneral
Jump to latest
#1George Nychis
George Nychis
gnychis@cmu.edu

Hi,

Is it possible to get the username of the user calling a function?

Just as a test, a function which would return the user their username.

Thanks!
George

#2A. Kretschmer
A. Kretschmer
andreas.kretschmer@schollglas.com
In reply to: George Nychis (#1)
Re: get username of user calling function?

am Thu, dem 01.03.2007, um 11:40:11 -0500 mailte George Nychis folgendes:

Hi,

Is it possible to get the username of the user calling a function?

You can use the current_user - variable. Select current_user;

Andreas
--
Andreas Kretschmer
Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header)
GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net

#3George Nychis
George Nychis
gnychis@cmu.edu
In reply to: A. Kretschmer (#2)
Re: get username of user calling function?

A. Kretschmer wrote:

You can use the current_user - variable. Select current_user;

I'm trying to create a function in which users can only kill their own processes, it works
perfectly if i hardcode a username in such as this:
CREATE FUNCTION kill_process(integer) RETURNS boolean
AS 'select pg_cancel_backend(procpid)
FROM (SELECT procpid FROM pg_stat_activity WHERE procpid=$1 and usename=''gnychis'')
AS kill;'
LANGUAGE SQL SECURITY DEFINER;

But if i try to replace usename=''gnychis'' with usename=current_user it no longer works.

Any ideas?

- George

#4David Legault
David Legault
legault.david@gmail.com
In reply to: George Nychis (#3)
Re: get username of user calling function?

On 3/1/07, George Nychis <gnychis@cmu.edu> wrote:

A. Kretschmer wrote:

You can use the current_user - variable. Select current_user;

I'm trying to create a function in which users can only kill their own
processes, it works
perfectly if i hardcode a username in such as this:
CREATE FUNCTION kill_process(integer) RETURNS boolean
AS 'select pg_cancel_backend(procpid)
FROM (SELECT procpid FROM pg_stat_activity WHERE procpid=$1 and
usename=''gnychis'')
AS kill;'
LANGUAGE SQL SECURITY DEFINER;

See the EXECUTE function in the pl/pgSQL language in the docs for dynamic
queries.

But if i try to replace usename=''gnychis'' with usename=current_user it no

Show quoted text

longer works.

Any ideas?

- George

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq

#5George Nychis
George Nychis
gnychis@cmu.edu
In reply to: David Legault (#4)
Re: get username of user calling function?

David Legault wrote:

See the EXECUTE function in the pl/pgSQL language in the docs for dynamic
queries.

So it turns out that in a SECURITY DEFINER the current_user is the owner of the function.
I had to use session_user and it works now :)

- George

#6David Legault
David Legault
legault.david@gmail.com
In reply to: George Nychis (#5)
Re: get username of user calling function?

On 3/1/07, George Nychis <gnychis@cmu.edu> wrote:

David Legault wrote:

See the EXECUTE function in the pl/pgSQL language in the docs for

dynamic

queries.

So it turns out that in a SECURITY DEFINER the current_user is the owner
of the function.
I had to use session_user and it works now :)

yes because you are running it in the context of the owner of the function

there is also another SECURITY setting that will be in the context of the
caller where current_user() should return the callee.

- George

Show quoted text
← Back to Topics