Making "SECURITY DEFINER" procedures

From: Sergey Holod <sss(at)radiocom(dot)net(dot)ua>
To: pgsql-general(at)postgresql(dot)org
Subject: Making "SECURITY DEFINER" procedures
Date: 2003-04-29 20:51:32
Message-ID: 200304292351.32008.sss@radiocom.net.ua
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hello!!!

Just trying to make subj

I made user "data", schema "data", several tables and small procedures on them
in that schema and then a greater function (as "SECURITY DEFINER") in
"public" schema which uses previous functions.
I graned "EXECUTE" access to that function to "PUBLIC".

When I try execute that function I get "ERROR: data: permission denied", but
when I add some notices between parts of function I see following:

tst=> select new_session('sergey','mypassword');
NOTICE: current user is data
NOTICE: after delete
NOTICE: after select
NOTICE: after insert
NOTICE: before return
ERROR: data: permission denied

so function executed with "data" privilegies, It deletes some data,
inserts another and so on, It even runs till "return", but then I get error...

It seems last error takes place during "auto commit" of transaction in which
function executes..

Just don't undestand what is happens..:(

--
With Best Regards,
Sergey Holod

Browse pgsql-general by date

  From Date Subject
Next Message Jim C. Nasby 2003-04-29 20:56:03 ERROR: ExecutePlan: (junk) `ctid' is NULL!
Previous Message Ron Mayer 2003-04-29 20:44:43 dump/restore to 7.4devel giving "[archiver (db)] error returned by PQputline"