Zeugswetter Andreas SB <ZeugswetterA@wien.spardat.at> writes:
> Without making the "definer" need an additional grant for creating such
> a function, it would be like giving him all the privs he has
> "with grant option".
Hmm ... interesting analogy, but does it hold water? The GRANT OPTION
stuff implies the right to pass on your privileges to someone else
*permanently*. A setuid function only lets someone else do the same
things you can do at the time it is called. There's nothing there that
couldn't be done by having the one user ask the other to do something
using an outside-the-database communication channel. So I really don't
see a security issue.
I also don't see any privilege of this type in SQL92 (which does have
the concept of setuid functions, in the form of modules).
regards, tom lane
