On Wed, Oct 13, 2021 at 7:45 PM Jeff Davis <pg...@j-davis.com> wrote: > users to be relying on that undocumented function. Is there a good way > to define a view kind of like a SECURITY DEFINER function so that the > superuser would only need to issue a GRANT statement on the view?
According to https://www.postgresql.org/docs/current/sql-createview.html it always works like that: "Access to tables referenced in the view is determined by permissions of the view owner. In some cases, this can be used to provide secure but restricted access to the underlying tables." Hmm, unless that rule is only being applied for *tables* and not for *functions*? I guess that could be true, but if so, it sure seems inconsistent. -- Robert Haas EDB: http://www.enterprisedb.com
