On 2025/06/02 21:53, David G. Johnston wrote:
On Sunday, June 1, 2025, Fujii Masao <masao.fu...@oss.nttdata.com
<mailto:masao.fu...@oss.nttdata.com>> wrote:
On 2025/06/02 14:24, David G. Johnston wrote:
On Sunday, June 1, 2025, Fujii Masao <masao.fu...@oss.nttdata.com
<mailto:masao.fu...@oss.nttdata.com> <mailto:masao.fu...@oss.nttdata.com
<mailto:masao.fu...@oss.nttdata.com>>> wrote:
Also, I noticed that the "Client User" column reflects the user at
the time of connection, while the "Superuser" column reflects
whether
the current user in the current execution context is a superuser.
This means the users referred to in these columns can differ.
It might be worth aligning this behavior, or at least noting the
distinction
clearly in the documentation?
The behavior seems consistent with the reality of our protocol and
libpq. What did you have in mind for documentation changes?
How about adding a note like this?
----------------------
Note that the "Superuser" column does not necessarily reflect the privileges of the user shown in
"Client User". "Client User" shows the user at the time of connection, while "Superuser"
indicates whether the current user (in the current execution context) has superuser privileges. These users are usually
the same, but they can differ, for example, if the current user was changed with the SET ROLE command.
----------------------
Where would you put that?
I was thinking to add a note to the \conninfo documentation, as shown
in the attached patch. I don't have a better alternative at the moment.
Regards,
--
Fujii Masao
NTT DATA Japan Corporation
From 89aa95ed9d2cc19950d373b3dde30897ac85f1b1 Mon Sep 17 00:00:00 2001
From: Fujii Masao <fu...@postgresql.org>
Date: Tue, 3 Jun 2025 16:39:50 +0900
Subject: [PATCH v1] doc: Add note about "Client User" and "Superuser" fields
in \conninfo output.
In the \conninfo psql command, the "Client User" column shows the user who
established the connection, while the "Superuser" column reflects whether
the current user in the current execution context is a superuser. This means
the users referred to in these columns can differ, for example, if the current
user was changed with the SET ROLE command.
This commit adds a note to the \conninfo documentation to clarify
this behavior and avoid potential confusion.
---
doc/src/sgml/ref/psql-ref.sgml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/doc/src/sgml/ref/psql-ref.sgml b/doc/src/sgml/ref/psql-ref.sgml
index 8f7d8758ca0..473883752a4 100644
--- a/doc/src/sgml/ref/psql-ref.sgml
+++ b/doc/src/sgml/ref/psql-ref.sgml
@@ -1103,6 +1103,17 @@ SELECT $1 \parse stmt1
Outputs information about the current database connection,
including TLS-related information if TLS is in use.
</para>
+ <para>
+ Note that the <structfield>Superuser</structfield> column does not
+ necessarily reflect the privileges of the user shown in
+ <structfield>Client User</structfield>.
+ <structfield>Client User</structfield> shows the user at the time
+ of connection, while <structfield>Superuser</structfield> indicates
+ whether the current user (in the current execution context) has
+ superuser privileges. These users are usually the same, but they can
+ differ, for example, if the current user was changed with the
+ <command>SET ROLE</command> command.
+ </para>
</listitem>
</varlistentry>
--
2.49.0
