Re: View invoker privileges - Mailing list pgsql-hackers

From Joe Conway
Subject Re: View invoker privileges
Date
Msg-id 1ffc6fb0-ce4c-2ca7-9bd7-3cd3c76d4863@joeconway.com
Whole thread Raw
In response to Re: View invoker privileges  (Noah Misch <noah@leadboat.com>)
List pgsql-hackers
On 5/14/21 4:11 AM, Noah Misch wrote:
> On Wed, Apr 14, 2021 at 10:25:08AM +0300, Ivan Ivanov wrote:
>> In Postgres we can create view with view owner privileges only. What’s the
>> reason that there is no option to create view with invoker privileges? Is
>> there any technical or security subtleties related to absence of this
>> feature?
> 
> The SQL standard calls for the owner privileges behavior, and nobody has
> implemented an invoker privileges option.  I know of no particular subtlety.
> An SQL-language function can behave like an invoker-privileges view, but a
> view would allow more optimizer freedom.  It would be a good option to have.

+1

Joe

-- 
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: OOM in spgist insert
Next
From: Tom Lane
Date:
Subject: Re: OOM in spgist insert