Home > mailing lists

Re: Invoking user of the function with SECURITY DEFINER - Mailing list pgsql-general

From	raf
Subject	Re: Invoking user of the function with SECURITY DEFINER
Date	November 24, 2018 23:54:14
Msg-id	20181124205414.awjyy2gqhuy46wrb@raf.org Whole thread Raw
In response to	Re: Invoking user of the function with SECURITY DEFINER (Laurenz Albe <laurenz.albe@cybertec.at>)
Responses	Re: Invoking user of the function with SECURITY DEFINER
List	pgsql-general

Tree view

Laurenz Albe wrote:

> Madan Kumar wrote:
> > How to get the user who is invoking the function with SECURITY DEFINER? 
> > When we define the function to be SECURITY DEFINER, it will execute in the
> > context of the user who created it. Let's say I've given execute permission
> > for this function to other users and wish to know who is executing it.
> > Is there a way to find that out?
> > I tried CURRENT_USER and SESSION_USER but they return the function owner
> > since they execute in that context. So is there any way to figure out the
> > user who is invoking the function?
> 
> It works for me:
> 
> As user "postgres":
> 
> CREATE OR REPLACE FUNCTION tellme() RETURNS text LANGUAGE plpgsql
>    SECURITY DEFINER AS 'BEGIN RETURN session_user; END;';
> 
> As user "laurenz":
> 
> SELECT tellme();
>  tellme  
> ---------
>  laurenz
> (1 row)
> 
> Yours,
> Laurenz Albe

session_user has always worked for me.

cheers,
raf

pgsql-general by date:

From: Glenn Schultz
Date: 22 November 2018, 21:43:28
Subject: Re: table value function help

From: Madan Kumar
Date: 25 November 2018, 14:50:11
Subject: Re: Invoking user of the function with SECURITY DEFINER

Re: Invoking user of the function with SECURITY DEFINER - Mailing list pgsql-general

Previous

Next