Stephen Frost <sfrost@snowman.net> writes:
> Alright, this isn't quite as open-and-shut as it may have originally
> seemed. We're apparently cacheing the temp tablespaces which should be
> used, even across set role's and security definer functions, which I
> would argue isn't correct.
Ah. Yeah, that would be true.
We do have mechanism that forces search_path to be recomputed across
changes of active role, but it's expensive to do that, and it seems
of rather debatable value to do it here --- it certainly wouldn't
improve Stephen's original problem, much less the other issues he
raises here.
What would people think of just eliminating the access-permissions
checks involved in temp_tablespaces? It would likely be appropriate to
change temp_tablespaces from USERSET to SUSET if we did so. So
essentially the worldview would become that the DBA is responsible for
the temp_tablespaces setting, not individual users.
regards, tom lane
