Обсуждение: Making "SECURITY DEFINER" procedures..

Поиск
Список
Период
Сортировка

Making "SECURITY DEFINER" procedures..

От
Sergey Holod
Дата:
Hello!!!

Just trying to make subj

I made user "data", schema "data", several tables and small procedures on them 
in that schema and then a greater function (as "SECURITY DEFINER") in 
"public" schema which uses previous functions.
I graned "EXECUTE" access to that function to "PUBLIC".

When I try execute that function I get "ERROR:  data: permission denied", but
when I add some notices between parts of function I see following:

tst=> select new_session('sergey','mypassword');  NOTICE:  current user is data  NOTICE:  after delete  NOTICE:  after
select NOTICE:  after insert  NOTICE:  before return  ERROR:  data: permission denied
 

so function executed with "data" privilegies, It deletes some data,
inserts another and so on, It even runs till "return", but then I get error...

It seems last error takes place during "auto commit" of transaction in which
function executes..

Just don't undestand what is happens..:(

-- 
With Best Regards,
Sergey Holod
SAH1-RIPE