On Tue, Jun 3, 2025 at 4:28 AM Fujii Masao <masao.fu...@oss.nttdata.com> wrote: > On 2025/06/02 21:53, David G. Johnston wrote: > > On Sunday, June 1, 2025, Fujii Masao <masao.fu...@oss.nttdata.com > > <mailto:masao.fu...@oss.nttdata.com>> wrote: > > > > On 2025/06/02 14:24, David G. Johnston wrote: > > > > On Sunday, June 1, 2025, Fujii Masao <masao.fu...@oss.nttdata.com > > <mailto:masao.fu...@oss.nttdata.com> <mailto:masao.fu...@oss.nttdata.com > > <mailto:masao.fu...@oss.nttdata.com>>> wrote: > > > > Also, I noticed that the "Client User" column reflects the > > user at > > the time of connection, while the "Superuser" column reflects > > whether > > the current user in the current execution context is a > > superuser. > > This means the users referred to in these columns can differ. > > It might be worth aligning this behavior, or at least noting > > the distinction > > clearly in the documentation? > > > > > > The behavior seems consistent with the reality of our protocol and > > libpq. What did you have in mind for documentation changes? > > > > > > How about adding a note like this? > > > > ---------------------- > > Note that the "Superuser" column does not necessarily reflect the > > privileges of the user shown in "Client User". "Client User" shows the user > > at the time of connection, while "Superuser" indicates whether the current > > user (in the current execution context) has superuser privileges. These > > users are usually the same, but they can differ, for example, if the > > current user was changed with the SET ROLE command. > > ---------------------- > > > > > > Where would you put that? > > I was thinking to add a note to the \conninfo documentation, as shown > in the attached patch. I don't have a better alternative at the moment. >
+1 on the idea to put it there; if someone gets confused about the behavior, that seems like the place they'd go to look it up. Though I would wordsmith the patch a little: + Note that the <structfield>Client User</structfield> field shows the user at the time + of connection, while the <structfield>Superuser</structfield> field indicates + whether the current user (in the current execution context) has + superuser privileges. These users are usually the same, but they can + differ, for example, if the current user was changed with the + <command>SET ROLE</command> command. Robert Treat https://xzilla.net
