SET AND RESET SESSION AUTHORIZATION
Set the user of the current session.
Table of contents
Synopsis
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
RESET SESSION AUTHORIZATION
Description
These statements set or reset the user of the session to the given or revert the user back to the original authenticated user.
The session user can be changed only if the initial authenticated user had the superuser privileges. Otherwise, the statement is only accepted if the specified username
matches the originally authenticated user.
Using this statement, a superuser can temporarily become an unprivileged user and later switch back to a superuser. The superuser would switch using SET SESSION AUTHORIZATION '<impersonating_user>'
to drop privileges and become impersonating_user
. Later the original privileges can be restored using SET SESSION AUTHORIZATION <real_username>
or SET SESSION AUTHORIZATION DEFAULT
.
SET LOCAL
does not have any effect on session. All SET LOCAL
statements will be ignored by CrateDB and logged with the INFO
logging level.
The DEFAULT
and RESET
forms reset the session and current user to be the originally authenticated user.
Parameters
username
The user name represented as an identifier or a string literal.
DEFAULT
Used for resetting the session user to initial session (authenticated) user.