Обсуждение: Separating function privileges from tables
Hi all, It's nice that privileges on views are separate from the privileges on its underlying tables. For example, if view V queries tables A and B, I only need to grant SELECT on the view to another user; tables A and B can have that privilege revoked and the view works. Are there plans to extend similar behavior to functions? That is, can I simply grant EXECUTE on the function and not have to worry about granting the appropriate privileges to the tables used by the function? Thanks. -B
Barry Brown <barry@cs.sierracollege.edu> writes: > It's nice that privileges on views are separate from the privileges > on its underlying tables. For example, if view V queries tables A and > B, I only need to grant SELECT on the view to another user; tables A > and B can have that privilege revoked and the view works. > Are there plans to extend similar behavior to functions? That is, can > I simply grant EXECUTE on the function and not have to worry about > granting the appropriate privileges to the tables used by the function? I think you are looking for SECURITY DEFINER function option. regards, tom lane