Simon Riggs wrote:
>>
>>Clearly this is a must-fix issue, but I'm wondering exactly where the
>>check should be enforced. Is it sufficient to check at the time of
>>CREATE AGGREGATE that the creator has appropriate rights, or do we need
>>to do it every time the aggregate is used?
>
>
> Well spotted.
>
> Check should be once for each SQL statement in which the function is
> attempted to be used. Otherwise, an administrator might revoke EXECUTE
> privilege on a function that was used as part of an AGGREGATE, then
> discover that the user could still execute it in the way you suggest.
Or some sort of CASCADE should be required.
-- Richard Huxton Archonet Ltd