Re: function with security definer
| От | Tom Lane |
|---|---|
| Тема | Re: function with security definer |
| Дата | |
| Msg-id | 12693.1048518122@sss.pgh.pa.us обсуждение |
| Ответ на | function with security definer (Tomasz Myrta <jasiek@klaster.net>) |
| Ответы |
Re: function with security definer
Re: function with security definer |
| Список | pgsql-sql |
Tomasz Myrta <jasiek@klaster.net> writes:
> [ Can't do SET SESSION AUTHORIZATION in a postgres-owned function ]
That's because SET SESSION AUTHORIZATION looks to the original login
userid, not the current effective userid, to decide whether you're
allowed to do it. If it didn't work that way, a superuser couldn't
switch to any other identity after becoming a nonprivileged user.
I don't really see why you think this kluge is better than creating
multiple database users, anyway ...
regards, tom lane
В списке pgsql-sql по дате отправления: