Switch user ID to the object owner when populating a materialized view.
This makes superuser-issued REFRESH MATERIALIZED VIEW safe regardless of
the object's provenance. REINDEX is an earlier example of this pattern.
As a downside, functions called from materialized views must tolerate
running in a security-restricted operation. CREATE MATERIALIZED VIEW
need not change user ID. Nonetheless, avoid creation of materialized
views that will invariably fail REFRESH by making it, too, start a
security-restricted operation.
Back-patch to 9.3 so materialized views have this from the beginning.
Reviewed by Kevin Grittner.
Branch
------
REL9_3_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/fb7c0ac42e1a8e3cde74e83e2c758ada8c62a35e
Modified Files
--------------
doc/src/sgml/ref/create_materialized_view.sgml | 4 +++-
src/backend/commands/createas.c | 30 ++++++++++++++++++++++++
src/backend/commands/matview.c | 19 +++++++++++++++
3 files changed, 52 insertions(+), 1 deletion(-)