Home > mailing lists

Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan? - Mailing list pgsql-general

From	Joe Van Dyk
Subject	Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan?
Date	November 22, 2013 05:15:18
Msg-id	CACfv+p+MOu8Q3_vD4=j70pDcOqbxSuGKLy1sQLaoON3a_u0kOQ@mail.gmail.com Whole thread Raw
In response to	Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan? (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-general

Tree view

On Thu, Nov 21, 2013 at 6:11 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

Joe Van Dyk <joe@tanga.com> writes:
> I had a function that was set to SECURITY INVOKER. I needed to give access
> to a view that uses this function to a role, so I made the function
> SECURITY DEFINER.

> The function is STABLE and is usually inlined and takes 2 ms to run.

> Immediately, the function quit being inlined and took 1500ms to run.

> Changing the function back to SECURITY DEFINER let the function be inlined
> again.

> On postgresql 9.3.1.

> Is this expected behavior?

Yes. SECURITY DEFINER functions can't be inlined --- there would be
noplace to effect the change of user ID.

regards, tom lane

Thanks. Is that documented somewhere? I looked, couldn't find anything.

pgsql-general by date:

From: Tom Lane
Date: 22 November 2013, 05:11:47
Subject: Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan?

From: Scott Marlowe
Date: 22 November 2013, 05:41:27
Subject: Re: corruption issue after server crash - ERROR: unexpected chunk number 0

Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan? - Mailing list pgsql-general

Previous

Next