On 3/15/21, 7:06 AM, "Laurenz Albe" <laurenz.a...@cybertec.at> wrote: > On Fri, 2021-03-12 at 21:41 +0000, Bossart, Nathan wrote: >> On 3/12/21, 11:14 AM, "Joe Conway" <m...@joeconway.com> wrote: >> > Looking back at the commit history it seems to me that this only works >> > accidentally. Perhaps it would be best to fix RESET ROLE and be done with >> > it. >> >> That seems reasonable to me. > > +1 from me too.
Here's my latest attempt. I think it's important to state that it sets the role to the current session user identifier unless there is a connection-time setting. If there is no connection-time setting, it will reset the role to the current session user, which might be different if you've run SET SESSION AUTHORIZATION. diff --git a/doc/src/sgml/ref/set_role.sgml b/doc/src/sgml/ref/set_role.sgml index 739f2c5cdf..f02babf3af 100644 --- a/doc/src/sgml/ref/set_role.sgml +++ b/doc/src/sgml/ref/set_role.sgml @@ -53,9 +53,16 @@ RESET ROLE </para> <para> - The <literal>NONE</literal> and <literal>RESET</literal> forms reset the current - user identifier to be the current session user identifier. - These forms can be executed by any user. + <literal>SET ROLE NONE</literal> sets the current user identifier to the + current session user identifier, as returned by + <function>session_user</function>. <literal>RESET ROLE</literal> sets the + current user identifier to the connection-time setting specified by the + <link linkend="libpq-connect-options">command-line options</link>, + <link linkend="sql-alterrole"><command>ALTER ROLE</command></link>, or + <link linkend="sql-alterdatabase"><command>ALTER DATABASE</command></link>, + if any such settings exist. Otherwise, <literal>RESET ROLE</literal> sets + the current user identifier to the current session user identifier. These + forms can be executed by any user. </para> </refsect1> Nathan