Home > mailing lists

Re: function with security definer - Mailing list pgsql-sql

From	Tom Lane
Subject	Re: function with security definer
Date	March 24, 2003 13:02:11
Msg-id	12693.1048518122@sss.pgh.pa.us Whole thread Raw
In response to	function with security definer (Tomasz Myrta <jasiek@klaster.net>)
Responses	Re: function with security definer ("Tomasz Myrta" <jasiek@klaster.net>) Re: function with security definer (Antti Haapala <antti.haapala@iki.fi>)
List	pgsql-sql

Tree view

Tomasz Myrta <jasiek@klaster.net> writes:
> [ Can't do SET SESSION AUTHORIZATION in a postgres-owned function ]

That's because SET SESSION AUTHORIZATION looks to the original login
userid, not the current effective userid, to decide whether you're
allowed to do it.  If it didn't work that way, a superuser couldn't
switch to any other identity after becoming a nonprivileged user.

I don't really see why you think this kluge is better than creating
multiple database users, anyway ...
        regards, tom lane

pgsql-sql by date:

From: Andreas Pflug
Date: 24 March 2003, 12:30:46
Subject: UPDATE FROM portability

From: Stephan Szabo
Date: 24 March 2003, 13:12:37
Subject: Re: Complex outer joins?

Re: function with security definer - Mailing list pgsql-sql

Previous

Next