Always knowing which user is logged in
In the preceding recipes, we just logged the value of the user variable in the current PostgreSQL session to log the current user role.
This does not always mean that this particular user was the user that was actually authenticated at the start of the session. For example, a superuser can execute the SET ROLE TO ...
command to set its current role to any other user or role in the system. As you might expect, non-superusers can only assume roles that they own.
It is possible to differentiate between the logged-in role and the assumed role using the current_user
and session_user
session variables:
postgres=# select current_user, session_user; current_user | session_user -------------+-------------- postgres     | postgres postgres=# set role to bob; SET postgres=> select current_user, session_user; current_user | session_user -------------+-------------- bob        ...