On Wed, 2021-12-01 at 21:34 +0100, Max Ziermann wrote: > I'm not sure where in the docs a clarification could best be placed. For > me, the confusion arises from the fact that the updatable views section > on the CREATE VIEW docs aren't very clear what *actually* happens when > performing insert/update etc. through a view. It seems like the > distinction between "security context" and the actual user might be > helpful to understand the behaviour. > > With this background in mind, I still think that the wording "the user > performing the update does not need ANY permissions on the underlying > base relations" (from CREATE VIEW; emphasis mine) is misleading. > However, to me, it would be perfectly fine if this statement was scoped > to the actual insert/update on the base relation, thus excluding > triggered functions (unless SECURITY DEFINERs).
You could send a documentation patch with your suggested wording. I agree that some more detail could be helpful. Yours, Laurenz Albe
