Baoding-FenShuaJiang
/
Green_GoodERP18_FSJ_Standard
Слідкувати 1
В обрані 0
Вікі 捐赠
gooderp18绿色标准版
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
Дерево: 0f75e31513
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '0f75e31513'
${ noResults }
Green_GoodERP18_FSJ_Standard/PostgreSQL/doc/postgresql/html/sql-set-role.html

78 lines
6.9KB
Неформатований Blame Історія 

  1. <?xml version="1.0" encoding="UTF-8" standalone="no"?>

  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>SET ROLE</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="sql-set-constraints.html" title="SET CONSTRAINTS" /><link rel="next" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION" /></head><body><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">SET ROLE</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="sql-set-constraints.html" title="SET CONSTRAINTS">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="sql-commands.html" title="SQL Commands">Up</a></td><th width="60%" align="center">SQL Commands</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 12.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION">Next</a></td></tr></table><hr></hr></div><div class="refentry" id="SQL-SET-ROLE"><div class="titlepage"></div><a id="id-1.9.3.175.1" class="indexterm"></a><div class="refnamediv"><h2><span class="refentrytitle">SET ROLE</span></h2><p>SET ROLE — set the current user identifier of the current session</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><pre class="synopsis">

  3. SET [ SESSION | LOCAL ] ROLE <em class="replaceable"><code>role_name</code></em>

  4. SET [ SESSION | LOCAL ] ROLE NONE

  5. RESET ROLE

  6. </pre></div><div class="refsect1" id="id-1.9.3.175.5"><h2>Description</h2><p>

  7.    This command sets the current user

  8.    identifier of the current SQL session to be <em class="replaceable"><code>role_name</code></em>.  The role name can be

  9.    written as either an identifier or a string literal.

  10.    After <code class="command">SET ROLE</code>, permissions checking for SQL commands

  11.    is carried out as though the named role were the one that had logged

  12.    in originally.

  13.   </p><p>

  14.    The specified <em class="replaceable"><code>role_name</code></em>

  15.    must be a role that the current session user is a member of.

  16.    (If the session user is a superuser, any role can be selected.)

  17.   </p><p>

  18.    The <code class="literal">SESSION</code> and <code class="literal">LOCAL</code> modifiers act the same

  19.    as for the regular <a class="xref" href="sql-set.html" title="SET"><span class="refentrytitle">SET</span></a>

  20.    command.

  21.   </p><p>

  22.    The <code class="literal">NONE</code> and <code class="literal">RESET</code> forms reset the current

  23.    user identifier to be the current session user identifier.

  24.    These forms can be executed by any user.

  25.   </p></div><div class="refsect1" id="id-1.9.3.175.6"><h2>Notes</h2><p>

  26.    Using this command, it is possible to either add privileges or restrict

  27.    one's privileges.  If the session user role has the <code class="literal">INHERIT</code>

  28.    attribute, then it automatically has all the privileges of every role that

  29.    it could <code class="command">SET ROLE</code> to; in this case <code class="command">SET ROLE</code>

  30.    effectively drops all the privileges assigned directly to the session user

  31.    and to the other roles it is a member of, leaving only the privileges

  32.    available to the named role.  On the other hand, if the session user role

  33.    has the <code class="literal">NOINHERIT</code> attribute, <code class="command">SET ROLE</code> drops the

  34.    privileges assigned directly to the session user and instead acquires the

  35.    privileges available to the named role.

  36.   </p><p>

  37.    In particular, when a superuser chooses to <code class="command">SET ROLE</code> to a

  38.    non-superuser role, they lose their superuser privileges.

  39.   </p><p>

  40.    <code class="command">SET ROLE</code> has effects comparable to

  41.    <a class="xref" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION"><span class="refentrytitle">SET SESSION AUTHORIZATION</span></a>, but the privilege

  42.    checks involved are quite different.  Also,

  43.    <code class="command">SET SESSION AUTHORIZATION</code> determines which roles are

  44.    allowable for later <code class="command">SET ROLE</code> commands, whereas changing

  45.    roles with <code class="command">SET ROLE</code> does not change the set of roles

  46.    allowed to a later <code class="command">SET ROLE</code>.

  47.   </p><p>

  48.    <code class="command">SET ROLE</code> does not process session variables as specified by

  49.    the role's <a class="xref" href="sql-alterrole.html" title="ALTER ROLE"><span class="refentrytitle">ALTER ROLE</span></a> settings;  this only happens during

  50.    login.

  51.   </p><p>

  52.    <code class="command">SET ROLE</code> cannot be used within a

  53.    <code class="literal">SECURITY DEFINER</code> function.

  54.   </p></div><div class="refsect1" id="id-1.9.3.175.7"><h2>Examples</h2><pre class="programlisting">

  55. SELECT SESSION_USER, CURRENT_USER;

  56. 

  57.  session_user | current_user 

  58. --------------+--------------

  59.  peter        | peter

  60. 

  61. SET ROLE 'paul';

  62. 

  63. SELECT SESSION_USER, CURRENT_USER;

  64. 

  65.  session_user | current_user 

  66. --------------+--------------

  67.  peter        | paul

  68. </pre></div><div class="refsect1" id="id-1.9.3.175.8"><h2>Compatibility</h2><p>

  69.    <span class="productname">PostgreSQL</span>

  70.    allows identifier syntax (<code class="literal">"<em class="replaceable"><code>rolename</code></em>"</code>), while

  71.    the SQL standard requires the role name to be written as a string

  72.    literal.  SQL does not allow this command during a transaction;

  73.    <span class="productname">PostgreSQL</span> does not make this

  74.    restriction because there is no reason to.

  75.    The <code class="literal">SESSION</code> and <code class="literal">LOCAL</code> modifiers are a

  76.    <span class="productname">PostgreSQL</span> extension, as is the

  77.    <code class="literal">RESET</code> syntax.

  78.   </p></div><div class="refsect1" id="id-1.9.3.175.9"><h2>See Also</h2><span class="simplelist"><a class="xref" href="sql-set-session-authorization.html" title="SET SESSION AUTHORIZATION"><span class="refentrytitle">SET SESSION AUTHORIZATION</span></a></span></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sql-set-constraints.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sql-commands.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sql-set-session-authorization.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">SET CONSTRAINTS </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> SET SESSION AUTHORIZATION</td></tr></table></div></body></html>
上海开阖软件有限公司 沪ICP备12045867号-1