From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
---|---|
To: | Ian Lewis <ilewismsl(at)gmail(dot)com> |
Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Means to emulate global temporary table |
Date: | 2017-01-12 01:36:46 |
Message-ID: | 0dcbeead-da8d-a771-f8ec-965fdc451181@aklaver.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 01/11/2017 05:30 PM, Ian Lewis wrote:
Ccing list
> On Wed, Jan 11, 2017 at 4:38 PM, Adrian Klaver
> <adrian(dot)klaver(at)aklaver(dot)com <mailto:adrian(dot)klaver(at)aklaver(dot)com>> wrote:
>
> So what makes them temporary as they seem to persist between sessions?
>
>
> They are temporary in the sense that the content of the table is
> per-session, just as a local temporary table would be. That is, each
> session has its own independent data set. But, the table is defined and
> accessible within the schema as a normal table would be.
So what is the relationship of clients to sessions?
>
> While efficiency is not an issue in our usage, on our current server,
> they are very efficient because they do not need to handle locking as a
> normal table would do because only one session can access the data.
>
>
> That can be handled with SECURITY DEFINER:
>
> https://www.postgresql.org/docs/9.6/static/sql-createfunction.html
> <https://www.postgresql.org/docs/9.6/static/sql-createfunction.html>
> "EXTERNAL] SECURITY INVOKER
> [EXTERNAL] SECURITY DEFINER
>
> SECURITY INVOKER indicates that the function is to be
> executed with the privileges of the user that calls it. That is
> the default. SECURITY DEFINER specifies that the function is to
> be executed with the privileges of the user that created it.
>
> The key word EXTERNAL is allowed for SQL conformance, but it
> is optional since, unlike in SQL, this feature applies to all
> functions not only external ones.
>
>
> "
>
>
>
> I will look at this in more detail, but, on first reading, I do not
> quite see how it helps.
Well you where saying that having a client create a table would result
in it having the clients permissions instead of the servers. Doing the
table creation through a function with SECURITY INVOKER would allow you
to 'shape' the permissions.
>
> Ian Lewis (www.mstarlabs.com <http://www.mstarlabs.com>)
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
From | Date | Subject | |
---|---|---|---|
Next Message | Karl Czajkowski | 2017-01-12 02:12:44 | Re: Are new connection/security features in order, given connection pooling? |
Previous Message | David G. Johnston | 2017-01-12 01:25:21 | Re: temporarily disable autovacuum on a database or server ? |