| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Noah Misch <noah(at)leadboat(dot)com>, Ivan Ivanov <m7onov(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: View invoker privileges |
| Date: | 2021-05-14 13:54:26 |
| Message-ID: | 1ffc6fb0-ce4c-2ca7-9bd7-3cd3c76d4863@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 5/14/21 4:11 AM, Noah Misch wrote:
> On Wed, Apr 14, 2021 at 10:25:08AM +0300, Ivan Ivanov wrote:
>> In Postgres we can create view with view owner privileges only. What’s the
>> reason that there is no option to create view with invoker privileges? Is
>> there any technical or security subtleties related to absence of this
>> feature?
>
> The SQL standard calls for the owner privileges behavior, and nobody has
> implemented an invoker privileges option. I know of no particular subtlety.
> An SQL-language function can behave like an invoker-privileges view, but a
> view would allow more optimizer freedom. It would be a good option to have.
+1
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2021-05-14 13:54:33 | Re: OOM in spgist insert |
| Previous Message | Tom Lane | 2021-05-14 13:40:53 | Re: OOM in spgist insert |