In the preceding recipes, we just logged the value of the
user variable in the current PostgreSQL session to log the current user role.
This does not always mean that this particular user was the user that was actually authenticated at the start of session. For example, a superuser can execute the
SET ROLE TO … command to set its current role to any other user or role in the system. As you might expect, non-superusers can assume only those roles that they own.
It is possible to differentiate between the logged-in role and the assumed role using the
session_user session variables:
postgres=# select current_user, session_user; current_user | session_user --------------+-------------- postgres ...