On Wed, Jun 30, 2004 at 12:00:44 -0400,
Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> That doesn't sound right to me at all. A SECURITY DEFINER function is
> self contained --- if we ever failed to execute it as the owning user,
> that would be a bug, and I'd be pleased to see an example.
>
> I do recall that if you have a function that is *not* SECURITY DEFINER,
> and you use it in a view, it will be invoked as the current user, not as
> the view creator which is what some people expect. It's fairly easy to
> get around this using SECURITY DEFINER, so it's unlikely that we'll
> change it ...
That is what I was probably thinking of.
