Thread: Can the username calling a function be made available within the function?
I'd like to be able to have a PL/pgSQL function defined as SECURITY DEFINER, but still have access to the calling username within the function. Is this possible? I could pass current_user as a parameter, but of course this could easily be bypassed. Is there a way of coding this? Thanks for any help Adam -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Can the username calling a function be made available within the function?
From
Richard Huxton
Date:
On Wednesday 07 April 2004 11:23, Adam Witney wrote: > I'd like to be able to have a PL/pgSQL function defined as SECURITY > DEFINER, but still have access to the calling username within the function. > Is this possible? > > I could pass current_user as a parameter, but of course this could easily > be bypassed. > > Is there a way of coding this? Just "SELECT CURRENT_USER" into a variable. You might want SESSION_USER though. -- Richard Huxton Archonet Ltd
Re: Can the username calling a function be made available within the function?
From
Bruno Wolff III
Date:
On Wed, Apr 07, 2004 at 11:23:25 +0100, Adam Witney <awitney@sghms.ac.uk> wrote: > > I'd like to be able to have a PL/pgSQL function defined as SECURITY DEFINER, > but still have access to the calling username within the function. Is this > possible? > > I could pass current_user as a parameter, but of course this could easily be > bypassed. > > Is there a way of coding this? You probably want session_user.