postgres/src/test/modules/unsafe_tests/sql/setconfig.sql

-- This is borderline unsafe in that an additional login-capable user exists
-- during the test run.  Under installcheck, a too-permissive pg_hba.conf
-- might allow unwanted logins as regress_authenticated_user_ssa.

ALTER USER regress_authenticated_user_ssa superuser;
CREATE ROLE regress_session_user;
CREATE ROLE regress_current_user;
GRANT regress_current_user TO regress_authenticated_user_sr;
GRANT regress_session_user TO regress_authenticated_user_ssa;
ALTER ROLE regress_authenticated_user_ssa
	SET session_authorization = regress_session_user;
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;

\c - regress_authenticated_user_sr
SELECT current_user, session_user;

-- The longstanding historical behavior is that session_authorization in
-- setconfig has no effect.  Hence, session_user remains
-- regress_authenticated_user_ssa.  See comment in InitializeSessionUserId().
\c - regress_authenticated_user_ssa
SELECT current_user, session_user;
RESET SESSION AUTHORIZATION;
DROP USER regress_session_user;
DROP USER regress_current_user;