On Mon, May 03, 2004 at 15:12:00 -0700,
Marvin McNett <mmcnett@cs.ucsd.edu> wrote:
> How do I go about ensuring that data is only added to a table through a
> function? I've tried granting execute persission on the function which
> inserts data, but can't get it to work unless the user also has insert
> permission on the table. I don't want the user to be able to
> arbitrarily insert data.
You need to use SECURITY DEFINER so that the function runs with the
access of its definer instead of its invoker.
