Making "SECURITY DEFINER" procedures - Mailing list pgsql-novice

From Sergey Holod
Subject Making "SECURITY DEFINER" procedures
Date
Msg-id 200304292352.26837.sergey@radiocom.net.ua
Whole thread Raw
List pgsql-novice
Hello!!!

Just trying to make subj

I made user "data", schema "data", several tables and small procedures on them
in that schema and then a greater function (as "SECURITY DEFINER") in
"public" schema which uses previous functions.
I graned "EXECUTE" access to that function to "PUBLIC".

When I try execute that function I get "ERROR:  data: permission denied", but
when I add some notices between parts of function I see following:

tst=> select new_session('sergey','mypassword');
   NOTICE:  current user is data
   NOTICE:  after delete
   NOTICE:  after select
   NOTICE:  after insert
   NOTICE:  before return
   ERROR:  data: permission denied

so function executed with "data" privilegies, It deletes some data,
inserts another and so on, It even runs till "return", but then I get error...

It seems last error takes place during "auto commit" of transaction in which
function executes..

Just don't undestand what is happens..:(

--
With Best Regards,
Sergey Holod


pgsql-novice by date:

Previous
From: Sepp Rudel
Date:
Subject: Q: timestamp - timestamp
Next
From: Josh Berkus
Date:
Subject: Re: Q: timestamp - timestamp