| From: | Joe Van Dyk <joe(at)tanga(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan? |
| Date: | 2013-11-22 02:14:26 |
| Message-ID: | CACfv+p+MOu8Q3_vD4=j70pDcOqbxSuGKLy1sQLaoON3a_u0kOQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Nov 21, 2013 at 6:11 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Joe Van Dyk <joe(at)tanga(dot)com> writes:
> > I had a function that was set to SECURITY INVOKER. I needed to give
> access
> > to a view that uses this function to a role, so I made the function
> > SECURITY DEFINER.
>
> > The function is STABLE and is usually inlined and takes 2 ms to run.
>
> > Immediately, the function quit being inlined and took 1500ms to run.
>
> > Changing the function back to SECURITY DEFINER let the function be
> inlined
> > again.
>
> > On postgresql 9.3.1.
>
> > Is this expected behavior?
>
> Yes. SECURITY DEFINER functions can't be inlined --- there would be
> noplace to effect the change of user ID.
>
> regards, tom lane
>
Thanks. Is that documented somewhere? I looked, couldn't find anything.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Scott Marlowe | 2013-11-22 02:41:21 | Re: corruption issue after server crash - ERROR: unexpected chunk number 0 |
| Previous Message | Tom Lane | 2013-11-22 02:11:44 | Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan? |