Bruce Momjian <pgman@candle.pha.pa.us> writes:
> I am documenting this behavior in the CREATE VIEW manual page, diff
> attached.
> + <para>
> + While access to tables in the view is controlled entirely by permissions
> + on the view, functions called by the view are checked independently.
> + </para>
That seems a tad vague, not to say content-free. Perhaps instead say
"Access to tables referenced in the view is determined by permissions of
the view owner. However, functions called in the view are treated the
same as if they had been called directly from the query using the view.
Therefore the user of a view must have permissions to call all functions
used by the view."
As I said earlier, it's quite possible that we should consider this a
mistake. But it's way too late to consider fixing it for 7.4, even if
we had consensus that it should be changed, which I don't think we do
yet. In the meantime we should document the behavior clearly.
regards, tom lane