Thread: current_user inside SECURITY DEFINER function?
Is there any way to get the name of the current user inside a PL/pgSQL function that is defined with security definer? current_user gives the name of the user who created the function. The reason I want this is that I intend to use functions to maintain security, like this: userA has only select permission on myTable. The only way userA can insert to myTable is by providing parameters for and executing myFunction. myFunction was created by user postgres who does have insert permission on myTable. However the code inside myFunction needs to do different things, depending on who called it. Is there any way of getting the user? regards Richard
On Tue, 5 Jul 2005, Richard Hayward wrote: > Is there any way to get the name of the current user inside a PL/pgSQL > function that is defined with security definer? IIRC, SESSION_USER should give the original user.
* Richard Hayward (richard@tortoise.demon.co.uk) wrote:
> Is there any way of getting the user?
You might try session_user. 8.1 will hopefully clean this up some.
Thanks,
Stephen
Attachment
I think you want to use session_user instead Adam > Is there any way to get the name of the current user inside a PL/pgSQL > function that is defined with security definer? > > current_user gives the name of the user who created the function. > > The reason I want this is that I intend to use functions to maintain > security, like this: > > userA has only select permission on myTable. > > The only way userA can insert to myTable is by providing parameters > for and executing myFunction. > > myFunction was created by user postgres who does have insert > permission on myTable. However the code inside myFunction needs to do > different things, depending on who called it. > > Is there any way of getting the user? > > regards > Richard > > > ---------------------------(end of broadcast)--------------------------- > TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Stephen Frost wrote: > * Richard Hayward (richard@tortoise.demon.co.uk) wrote: > > Is there any way of getting the user? > > You might try session_user. 8.1 will hopefully clean this up some. Why would it? This is SQL standard behavior that should not be changed. -- Peter Eisentraut http://developer.postgresql.org/~petere/
* Peter Eisentraut (peter_e@gmx.net) wrote:
> Stephen Frost wrote:
> > * Richard Hayward (richard@tortoise.demon.co.uk) wrote:
> > > Is there any way of getting the user?
> >
> > You might try session_user. 8.1 will hopefully clean this up some.
>
> Why would it? This is SQL standard behavior that should not be changed.
It'll match the SQL spec, I'm not sure it does now, that was more of my
point than anything else. :)
Stephen
Attachment
On Wed, 6 Jul 2005 06:33:58 -0700 (PDT), sszabo@megazone.bigpanda.com (Stephan Szabo) wrote: >SESSION_USER should give the original user. Thanks all, that does what I want. regards Richard