On 9/25/23 14:03, Jeff Davis wrote:
> On Mon, 2023-09-25 at 12:00 -0400, Joe Conway wrote:
>> Should there be a way to have a separate "execution" search_path?
>
> I hadn't considered that and I like that idea for a few reasons:
>
>    * a lot of the problem cases are for functions that don't need to
>      access tables at all, e.g., in an index expression.
>    * it avoids annoyances with pg_temp, because that's not searched for
>      functions/operators anyway
>    * perhaps we could force the object search_path to be empty for
>      IMMUTABLE functions?
>
> I haven't thought it through in detail, but it seems like a promising
> approach.


Related to this, it would be useful if you could grant create on schema for only non-executable objects. You may want to allow a user to create their own tables but not allow them to create their own functions, for example. Right now "GRANT CREATE ON SCHEMA foo" gives the grantee the ability to create "all the things".

--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com


