On Thu, 10 Jan 2008, Tom Lane wrote:
> Just out of curiosity, what was pljava doing calling SetUserId?
> If I'd known about that I'd have thought harder about removing the
> function; but it's not clear to me why a PL should be doing that.
>
pljava wants to run code as the session user when inside a security
definer function. The sqlj spec has an install_jar function which
installs a library of java code and has an optional deployment descriptor
which can create functions against the library and tables for it to use.
The install_jar function is security definer to be able to register the
jar file in various sqlj tables that the calling user may not be able to
write to, but it wants to create the tables and function specified in the
deployement descriptor with the ownership of the user calling install_jar,
not the person who initially installed pljava.
Kris Jurka
