*** pgsql/src/backend/commands/variable.c	2009/06/11 14:48:56	1.130
--- pgsql/src/backend/commands/variable.c	2009/09/03 22:08:13	1.130.2.1
***************
*** 9,15 ****
   *
   *
   * IDENTIFICATION
!  *	  $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.129 2009/01/01 17:23:40 momjian Exp $
   *
   *-------------------------------------------------------------------------
   */
--- 9,15 ----
   *
   *
   * IDENTIFICATION
!  *	  $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.130 2009/06/11 14:48:56 momjian Exp $
   *
   *-------------------------------------------------------------------------
   */
*************** assign_session_authorization(const char
*** 717,737 ****
  		/* not a saved ID, so look it up */
  		HeapTuple	roleTup;
  
- 		if (InSecurityDefinerContext())
- 		{
- 			/*
- 			 * Disallow SET SESSION AUTHORIZATION inside a security definer
- 			 * context.  We need to do this because when we exit the context,
- 			 * GUC won't be notified, leaving things out of sync.  Note that
- 			 * this test is positioned so that restoring a previously saved
- 			 * setting isn't prevented.
- 			 */
- 			ereport(GUC_complaint_elevel(source),
- 					(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
- 					 errmsg("cannot set session authorization within security-definer function")));
- 			return NULL;
- 		}
- 
  		if (!IsTransactionState())
  		{
  			/*
--- 717,722 ----
*************** assign_role(const char *value, bool doit
*** 838,861 ****
  		}
  	}
  
- 	if (roleid == InvalidOid && InSecurityDefinerContext())
- 	{
- 		/*
- 		 * Disallow SET ROLE inside a security definer context.  We need to do
- 		 * this because when we exit the context, GUC won't be notified,
- 		 * leaving things out of sync.	Note that this test is arranged so
- 		 * that restoring a previously saved setting isn't prevented.
- 		 *
- 		 * XXX it would be nice to allow this case in future, with the
- 		 * behavior being that the SET ROLE's effects end when the security
- 		 * definer context is exited.
- 		 */
- 		ereport(GUC_complaint_elevel(source),
- 				(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
- 				 errmsg("cannot set role within security-definer function")));
- 		return NULL;
- 	}
- 
  	if (roleid == InvalidOid &&
  		strcmp(actual_rolename, "none") != 0)
  	{
--- 823,828 ----