Re: Invoking user of the function with SECURITY DEFINER - Mailing list pgsql-general

From Madan Kumar
Subject Re: Invoking user of the function with SECURITY DEFINER
Date
Msg-id CAMtsaPGCaXAUjopfnSxB6uyKsphR6+uoT+29yNM3CgfDqn31Og@mail.gmail.com
Whole thread Raw
In response to Re: Invoking user of the function with SECURITY DEFINER  (raf <raf@raf.org>)
Responses Re: Invoking user of the function with SECURITY DEFINER
List pgsql-general
Got it..
In my case i was getting session_user in declare section and trying to validate later which always resulted in the function owner.
 DECLARE
user text := SESSION_USER;

So using it within the BEGIN; ...; END; clause worked for me.
Thanks.


Warm Regards,
 
"There is no Elevator to Success. You have to take the Stairs"


On Sun, Nov 25, 2018 at 2:24 AM raf <raf@raf.org> wrote:
Laurenz Albe wrote:

> Madan Kumar wrote:
> > How to get the user who is invoking the function with SECURITY DEFINER?
> > When we define the function to be SECURITY DEFINER, it will execute in the
> > context of the user who created it. Let's say I've given execute permission
> > for this function to other users and wish to know who is executing it.
> > Is there a way to find that out?
> > I tried CURRENT_USER and SESSION_USER but they return the function owner
> > since they execute in that context. So is there any way to figure out the
> > user who is invoking the function?
>
> It works for me:
>
> As user "postgres":
>
> CREATE OR REPLACE FUNCTION tellme() RETURNS text LANGUAGE plpgsql
>    SECURITY DEFINER AS 'BEGIN RETURN session_user; END;';
>
> As user "laurenz":
>
> SELECT tellme();
>  tellme 
> ---------
>  laurenz
> (1 row)
>
> Yours,
> Laurenz Albe

session_user has always worked for me.

cheers,
raf


pgsql-general by date:

Previous
From: raf
Date:
Subject: Re: Invoking user of the function with SECURITY DEFINER
Next
From: Condor
Date:
Subject: Re: Question about index on different tablespace and rebuild it