|SQL Language Reference / Functions|
SESSION_USER also always returns this value when used within stored routines.
If used within a stored routine created with EXTERNAL SECURITY DEFINER, however, CURRENT_USER and USER return the authorization identifier of the user that owns the schema of the routine. This is usually the creating user, although the database owner could be the creator as well.
These functions return a string of up to 128 characters.