Switch user ID to the object owner when populating a materialized view.
This makes superuser-issued REFRESH MATERIALIZED VIEW safe regardless of
the object's provenance. REINDEX is an earlier example of this pattern.
As a downside, functions called from materialized views must tolerate
running in a security-restricted operation. CREATE MATERIALIZED VIEW
need not change user ID. Nonetheless, avoid creation of materialized
views that will invariably fail REFRESH by making it, too, start a
security-restricted operation.
Back-patch to 9.3 so materialized views have this from the beginning.
Reviewed by Kevin Grittner.
Branch
------
master
Details
-------
http://git.postgresql.org/pg/commitdiff/f3ab5d46960023cf8a9df3751ab9748ce01a46a0
Modified Files
--------------
doc/src/sgml/ref/create_materialized_view.sgml | 4 +++-
src/backend/commands/createas.c | 30 ++++++++++++++++++++++++
src/backend/commands/matview.c | 19 +++++++++++++++
3 files changed, 52 insertions(+), 1 deletion(-)