| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com> |
| Cc: | "'pgsql-novice(at)postgresql(dot)org'" <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: Authorized privileges when calling a procedure |
| Date: | 2005-04-22 15:03:33 |
| Message-ID: | 837.1114182213@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
"Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com> writes:
> I have another question. It appears that when you create a procedure and
> grant access on it to another user, the user must have privileges to all
> objects that the procedure references. Can someone confirm this, and is
> there a way to change the privilege authorization to the user that defined
> the procedure?
Mark the function as SECURITY DEFINER --- this is like setuid programs
in Unix.
(No, it's not a very intuitive label for the behavior, but it's what
the SQL spec says to use.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruno Wolff III | 2005-04-22 15:14:18 | Re: Granting permission on a sequence to a group |
| Previous Message | tövis | 2005-04-22 14:59:54 | Re: Granting permission on a sequence to a group |