SET AND RESET SESSION AUTHORIZATION

Set the user of the current session.

Table of contents

Synopsis

SET [ SESSION | LOCAL ] SESSION AUTHORIZATION username
SET [ SESSION | LOCAL ] SESSION AUTHORIZATION DEFAULT
RESET SESSION AUTHORIZATION

Description

These statements set or reset the user of the session to the given or revert the user back to the original authenticated user.

The session user can be changed only if the initial authenticated user had the superuser privileges. Otherwise, the statement is only accepted if the specified username matches the originally authenticated user.

Using this statement, a superuser can temporarily become an unprivileged user and later switch back to a superuser. The superuser would switch using SET SESSION AUTHORIZATION '<impersonating_user>' to drop privileges and become impersonating_user. Later the original privileges can be restored using SET SESSION AUTHORIZATION <real_username> or SET SESSION AUTHORIZATION DEFAULT.

SET LOCAL does not have any effect on session. All SET LOCAL statements will be ignored by CrateDB and logged with the INFO logging level.

The DEFAULT and RESET forms reset the session and current user to be the originally authenticated user.

Parameters

username

The user name represented as an identifier or a string literal.

DEFAULT

Used for resetting the session user to initial session (authenticated) user.