SET ROLE

Description

Sets the current user identifier of the current session.

Precautions

• Users of the current session must be members of specified rolename, but system administrators can choose any roles.
• This statement may add permissions to or restrict permissions of a user. If the role of a session user has the INHERITS attribute, it automatically has all permissions of roles that SET ROLE enables the role to be. In this case, SET ROLE physically deletes all permissions directly granted to session users and permissions of its belonging roles and only leaves permissions of the specified roles. If the role of the session user has the NOINHERITS attribute, SET ROLE deletes permissions directly granted to the session user and obtains permissions of the specified role.

Syntax

• Set the current user identifier of the current session.

  SET [ SESSION | LOCAL ] ROLE role_name PASSWORD 'password';

• Reset the current user identifier to that of the current session.

  RESET ROLE;

Parameters

• SESSION

  Specifies that the statement takes effect only for the current session. This parameter is used by default.

• LOCAL

  Specifies that the specified statement takes effect only for the current transaction.

• role_name

  Specifies the role name.

  Value range: a string that complies with the Identifier Naming Conventions.

• password

  Specifies the password of a role. It must comply with the password convention. Encrypted passwords are not supported.

• RESET ROLE

  Resets the current user identifier.

Examples

-- Create a role paul.
openGauss=# CREATE ROLE paul IDENTIFIED BY '********';

-- Set the current user to paul.
openGauss=# SET ROLE paul PASSWORD '********';

-- View the current session user and the current user.
openGauss=> SELECT SESSION_USER, CURRENT_USER;

-- Reset the current user.
openGauss=> RESET ROLE;

-- Drop the user.
openGauss=# DROP USER paul;