Re: SYSTEM_USER reserved word implementation

Joe Conway <mail@joeconway.com>

From: Joe Conway <mail@joeconway.com>
To: Jacob Champion <jchampion@timescale.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, "Drouvot, Bertrand" <bdrouvot@amazon.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2022-06-22T16:26:46Z
Lists: pgsql-hackers
On 6/22/22 11:35, Jacob Champion wrote:
> On Wed, Jun 22, 2022 at 8:10 AM Joe Conway <mail@joeconway.com> wrote:
>> --- a/src/backend/utils/init/miscinit.c
>> +++ b/src/backend/utils/init/miscinit.c
>> @@ -473,6 +473,7 @@ static Oid    AuthenticatedUserId = InvalidOid;
>>  static Oid    SessionUserId = InvalidOid;
>>  static Oid    OuterUserId = InvalidOid;
>>  static Oid    CurrentUserId = InvalidOid;
>> +static const char *SystemUser = NULL;
>>
>>  /* We also have to remember the superuser state of some of these levels */
>>  static bool AuthenticatedUserIsSuperuser = false;
> 
> What's the rationale for introducing a new global for this? A downside
> is that now there are two sources of truth, for a security-critical
> attribute of the connection.

Why would you want to do it differently than 
SessionUserId/OuterUserId/CurrentUserId? It is analogous, no?

-- 
Joe Conway
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com



Commits

  1. Introduce SYSTEM_USER

  2. Add some information about authenticated identity via log_connections