Re: View invoker privileges

From: Noah Misch <noah(at)leadboat(dot)com>
To: Ivan Ivanov <m7onov(at)gmail(dot)com>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: View invoker privileges
Date: 2021-05-14 08:11:31
Message-ID: 20210514081131.GA2913841@rfd.leadboat.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Apr 14, 2021 at 10:25:08AM +0300, Ivan Ivanov wrote:
> In Postgres we can create view with view owner privileges only. What’s the
> reason that there is no option to create view with invoker privileges? Is
> there any technical or security subtleties related to absence of this
> feature?

The SQL standard calls for the owner privileges behavior, and nobody has
implemented an invoker privileges option. I know of no particular subtlety.
An SQL-language function can behave like an invoker-privileges view, but a
view would allow more optimizer freedom. It would be a good option to have.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Pavel Borisov 2021-05-14 08:21:28 Re: OOM in spgist insert
Previous Message Etsuro Fujita 2021-05-14 08:05:28 Re: naming of async_mode parameter