Quick Links

Re: function with security definer

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Tomasz Myrta <jasiek(at)klaster(dot)net>
Cc:	"'pgsql-sql(at)postgresql(dot)org'" <pgsql-sql(at)postgresql(dot)org>
Subject:	Re: function with security definer
Date:	2003-03-24 15:02:02
Message-ID:	12693.1048518122@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-sql

Tomasz Myrta <jasiek(at)klaster(dot)net> writes:
> [ Can't do SET SESSION AUTHORIZATION in a postgres-owned function ]

That's because SET SESSION AUTHORIZATION looks to the original login
userid, not the current effective userid, to decide whether you're
allowed to do it. If it didn't work that way, a superuser couldn't
switch to any other identity after becoming a nonprivileged user.

I don't really see why you think this kluge is better than creating
multiple database users, anyway ...

regards, tom lane

In response to

function with security definer at 2003-03-24 09:54:54 from Tomasz Myrta

Responses

Re: function with security definer at 2003-03-24 11:16:55 from Tomasz Myrta
Re: function with security definer at 2003-03-24 18:36:31 from Antti Haapala

Browse pgsql-sql by date

	From	Date	Subject
Next Message	Stephan Szabo	2003-03-24 15:12:35	Re: Complex outer joins?
Previous Message	Andreas Pflug	2003-03-24 14:30:45	UPDATE FROM portability