Re: Permissions within a function - Mailing list pgsql-hackers

From Hannu Krosing
Subject Re: Permissions within a function
Date
Msg-id 1103312449.3971.5.camel@fuji.krosing.net
Whole thread Raw
In response to Permissions within a function  (Thomas Hallgren <thhal@mailblocks.com>)
Responses Re: Permissions within a function
List pgsql-hackers
On R, 2004-12-17 at 21:12, Thomas Hallgren wrote:
> I'd like some views on the following issue.
> 
> The pljava function call handler will resolve a class name using a 
> loader that in turn uses a specific table in the PostgreSQL database. 
> Hence, the caller of the function must have select permissions on that 
> table or the function will fail. I would like to prevent this somehow 
> but I don't know how to go about that. Is there any way to bypass the 
> permissions when I do an SPI call from within a call handler somehow?

Would SECURITY DEFINER not work for pljava ?

Or if you are looking for something that has to be done inside the pl
handler maybe you should use another function with SECURITY DEFINER and
owned by superuser for function lookups ?

----------------
Hannu



pgsql-hackers by date:

Previous
From: Gaetano Mendola
Date:
Subject: Re: Stable functions problem
Next
From: Thomas Hallgren
Date:
Subject: Re: Permissions within a function