You are correct Tom that I want to perform some portion of function as
postgres user and other portion as current user.
As per you suggestion I did refactor and separated the portion that needs to
be executed as superuser to another function. But the thing is PostGreSQL
recognize when I call this
dipti shah escribió:
For your reference I did something like this:
1. Create Function foo1 (this is without SECURITY DEFINER where I am
using SET ROLE to current user).
2. Create Function foo2 with SECURITY DEFINER ...
spi_exe_query(select foo1()); == Here it throws the
No, I tried that but that can't be done in my requirements because my
function has to be run in super user context to create the table in schema
where normal users have only USAGE permissions. If I remove SECURITY DEFINER
then my stored procedure will be failed for all users by saying permission
This issue is driving me crazy. Could any one please suggest me any
workaround?
For summary of issue,
1. I don't want any users to perform any action on mydb schema without
using my stored procedure. So I revoke ALL permissions from mydb schema and
assigned only USAGE permissions.
2. As my
Hi,
I have just noticed that SET ROLE doesn't work from security definer
function. I don;t know why but it clearly gives the error that SET role
doesn;t work in security definer context.
Basically, I am trying to write a store procedure which creates a table
asked by user along with other
dipti shah shahdipti1...@gmail.com writes:
I have just noticed that SET ROLE doesn't work from security definer
function. I don;t know why but it clearly gives the error that SET role
doesn;t work in security definer context.
This is intentional because allowing it creates security holes.
If