| From: | dipti shah <shahdipti1980(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org, pgsql-novice <pgsql-novice(at)postgresql(dot)org> |
| Subject: | SET Role doesn't work from Security Definer Function... |
| Date: | 2010-02-22 17:47:26 |
| Message-ID: | d5b05a951002220947i5d746055v770d70e0d9408552@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-novice |
Hi,
I have just noticed that "SET ROLE" doesn't work from security definer
function. I don;t know why but it clearly gives the error that SET role
doesn;t work in security definer context.
Basically, I am trying to write a store procedure which creates a table
asked by user along with other associated logging tables and event tables
automatically. I want to make sure that when users use my stored procedure
to create table, they should be allowed only if they have permission to do
so.
If I create function in postgres user with Security Definer enabled, it will
allow to create any table with any foreign references etc...So I am setting
role to current_user in my function and then creating a table to make sure
that user has the appropriate privilege.
Since, SET Role is failing in security definer context, I am helpless now.
Could anyone suggest any workaround or solution to this issue. Is this is
known issue? Anybody already encountered it?
Thanks,
Dipti
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yang Zhang | 2010-02-22 17:51:19 | Re: Performance cost of a sort-merge join |
| Previous Message | Kevin Grittner | 2010-02-22 17:46:09 | Re: helo |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Scott Bailey | 2010-02-22 18:07:56 | Re: What is unsecure postgres languages? How to disable them? |
| Previous Message | dipti shah | 2010-02-22 17:34:37 | Re: What is unsecure postgres languages? How to disable them? |