| From: | raf <raf(at)raf(dot)org> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Changing from security definer to security invoker without dropping ? |
| Date: | 2020-06-12 22:56:48 |
| Message-ID: | 20200612225648.4hbpvyf5w2j3m36a@raf.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Laura Smith wrote:
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Thursday, 11 June 2020 08:39, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> wrote:
>
> > Hi
> >
> > čt 11. 6. 2020 v 9:29 odesílatel Laura Smith <n5d9xq3ti233xiyif2vp(at)protonmail(dot)ch> napsal:
> >
> > > Hi,
> > >
> > > Just curious if there is a way to switch a function from definer to invoker without dropping ?
> >
> > create function foo(a int) returns int as $$ begin return $1; end $$ language plpgsql;
> >
> > postgres=# alter function foo (int) security definer;
> > ALTER FUNCTION
> > postgres=# alter function foo (int) security invoker;
> > ALTER FUNCTION
> >
> > regards
> >
> > Pavel
>
> Thanks Pavel ! Didn't realise it was that easy.
"create or replace function..." with "security invoker"
(or without "security definer" since security invoker
is the default) is probably another way to do it, but
it would be slower than "alter function" since it needs
to parse the code again. That might matter if you have
many functions to change.
Bear in mind that things might break with such a change.
There might be a reason that the functions needed to be
created as security definers. I'd recommend checking
each function's need to be a security definer before
changing it (or just test it thoroughly somewhere).
cheers,
raf
| From | Date | Subject | |
|---|---|---|---|
| Next Message | sekhar chandra | 2020-06-12 22:56:51 | Fwd: not able to give usage access to public schema |
| Previous Message | Rene Romero Benavides | 2020-06-12 20:37:37 | Re: ansible modules for postgresql installation/config |