Re: Authorized privileges when calling a procedure

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com>
Cc: "'pgsql-novice(at)postgresql(dot)org'" <pgsql-novice(at)postgresql(dot)org>
Subject: Re: Authorized privileges when calling a procedure
Date: 2005-04-22 15:03:33
Message-ID: 837.1114182213@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

"Walker, Jed S" <Jed_Walker(at)cable(dot)comcast(dot)com> writes:
> I have another question. It appears that when you create a procedure and
> grant access on it to another user, the user must have privileges to all
> objects that the procedure references. Can someone confirm this, and is
> there a way to change the privilege authorization to the user that defined
> the procedure?

Mark the function as SECURITY DEFINER --- this is like setuid programs
in Unix.

(No, it's not a very intuitive label for the behavior, but it's what
the SQL spec says to use.)

regards, tom lane

In response to

Browse pgsql-novice by date

  From Date Subject
Next Message Bruno Wolff III 2005-04-22 15:14:18 Re: Granting permission on a sequence to a group
Previous Message tövis 2005-04-22 14:59:54 Re: Granting permission on a sequence to a group