Excerpts from Dave Fennell's message of vie jun 24 10:48:40 -0400 2011: > Not sure if this is a bug or possibly just undocumented (or unclearly > documented) behaviour but the interaction of functions defined as "security > definer" and functions defined as "security invoker" is not what I would > expect. > > I would expect that if a function defined as "security definer" calls a > function defined as "security invoker" the "invoker" role used would be the > "definer" of the first function? However it appears that the *actual* > invoker (current user) is used.
I think your problem is that you need an explicit SET ROLE to sub1 before calling sub1.func2(). Alternatively you could set up global so that it "inherits" (which would automatically give it the privileges that both sub1 and sub2 have). There doesn't seem to be a bug here. -- Álvaro Herrera <alvhe...@commandprompt.com> The PostgreSQL Company - Command Prompt, Inc. PostgreSQL Replication, Consulting, Custom Development, 24x7 support -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
