On Mon, Mar 22, 2010 at 10:03 AM, Stephen Frost <sfrost@snowman.net> wrote:
> * Robert Haas (robertmhaas@gmail.com) wrote:
>> Sometimes it would be nice to conditionalize queries on a value other
>> than the authenticated role. I really wish we had some kind of SQL
>> variable support. Talking out of my rear end:
>
> I certainly agree- having variable support in the backend would
> definitely be nice. I'd want it to be explicit and distinct from GUCs
> though, unlike the situation we have w/ psql right now.
Agreed.
> All that said,
> I'm not really a huge fan of write-your-own-authorization-system in
> general. If the existing authorization system isn't sufficient for what
> you want, then let's improve it. There may be specific cases where
> what's needed is particularly complex, but that's what security definer
> functions are for..
Fortunately this functionality also has other uses, so I don't know
that we really need to decide which of those uses we approve of more
or less.
Does the SQL standard specify anything in this area?
...Robert