On Fri, Apr 23, 2004 at 08:49:46 +0100,
Oliver Elphick <olly@lfix.co.uk> wrote:
>
> 4. I had one problem question which I couldn't solve, though I'm fairly
> sure it should be possible: Can we create a function that can have
> privileges on an object that the person running the function does not
> have? The user wants to channel all updates through a validating
> function; therefore users should not have insert, update or delete
> privileges on the table, but they should be able to do inserts, updates
> and deletes through this function instead.
You can create functions with 'SECURITY DEFINER' to access objects as
the function creator instead of the function caller.
