Dominique Devienne:
> 1) Is there any way to know the current_role of the caller of a
> DEFINER function. I fear the answer is no, but better be sure from
> experts here.
You can do something like this:
CREATE DOMAIN current_user_only AS text
CONSTRAINT current_user_only CHECK (VALUE = CURRENT_USER);
CREATE FUNCTION func(
calling_user current_user_only DEFAULT CURRENT_USER
) ... SECURITY DEFINER;
The default value will be evaluated in the context of the calling user,
the constraint forces it to never be set explicitly to something else.
Thus you can use calling_user inside your function.
Best,
Wolfgang