Tom Lane <t...@sss.pgh.pa.us> wrote: > A less bizarre and considerably more future-proof restriction, > IMO, would simply refuse any attempt to give ownership of a C > function to a non-superuser. We have C replication trigger functions where this would be a bad thing. They can't work properly as SECURITY INVOKER, and I see it as a big step backwards in security to make the only other option SECURITY DEFINER with a superuser as the owner. It's not too hard to come up with other use cases where you want to grant one class of users rights to do something only through a certain function, not directly. So there is clearly a need to support ownership of functions, including C functions, by users who are effectively at an "intermediate" level of trust. We could conceivably use the database owner for that role, but that seem unnecessarily limiting. -Kevin
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
