Home > mailing lists

Re: Re-enabling SET ROLE in security definer functions - Mailing list pgsql-hackers

From	Turner, Ian
Subject	Re: Re-enabling SET ROLE in security definer functions
Date	December 31, 2009 19:17:37
Msg-id	5D5C2F4B28E2514BBAB8E82572912B641C7E863618@NYCMBX3.winmail.deshaw.com Whole thread Raw
In response to	Re: Re-enabling SET ROLE in security definer functions (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Re-enabling SET ROLE in security definer functions (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

> -----Original Message-----
> From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
> Exactly.  If that's what you want, we can talk about it, but *SET ROLE
> doesn't solve that problem*.  In fact, a security definer function is a
> lot closer to solving that problem than SET ROLE is.  The premise of SET
> ROLE is that you can always get to any role that the session user could
> get to, so it doesn't "give up permissions" in any non-subvertible
> fashion.

For our purposes, SET ROLE is adequate, because the expression can't contain function calls. But there are alternative:
Wecould create an in-transaction SECURITY DEFINER procedure which executes the expression, then drop the procedure
beforecommitting. A built-in feature for doing something like what Heikki suggests could be even more useful. 

Cheers,

--Ian

pgsql-hackers by date:

From: Tom Lane
Date: 31 December 2009, 18:53:50
Subject: Re: Re-enabling SET ROLE in security definer functions

From: Robert Haas
Date: 31 December 2009, 19:17:43
Subject: Re: Serializable Isolation without blocking

Re: Re-enabling SET ROLE in security definer functions - Mailing list pgsql-hackers

Previous

Next