| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | Dominique Devienne <ddevienne(at)gmail(dot)com>, Guillaume Lelarge <guillaume(dot)lelarge(at)dalibo(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function |
| Date: | 2025-07-31 15:45:46 |
| Message-ID: | ff87bba0-9b9b-4dac-9f47-d2eefef42378@aklaver.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 7/31/25 08:06, David G. Johnston wrote:
> On Thursday, July 31, 2025, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com
> <mailto:adrian(dot)klaver(at)aklaver(dot)com>> wrote:
> So the below from the original post was not correct:
>
> "My setup ensures that the role I SET LOCAL ROLE to, has (indirectly)
> been granted DMLs on that table."
>
>
> Not incorrect, just insufficient since select is not a DML action.
1) Seems to be some difference on that:
https://www.contrib.andrew.cmu.edu/~shadow/sql/sql1992.txt
13 Data manipulation
13.5 <select statement: single row>
Function
Retrieve values from a specified row of a table.
2) What if you do SELECT some_data_mod_fnc()?
3) In the case at hand there was an implied SELECT as part of the DELETE.
>
> David J.
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dominique Devienne | 2025-07-31 15:54:27 | Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function |
| Previous Message | David G. Johnston | 2025-07-31 15:06:45 | Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function |