EXPLAIN ANALYZE CREATE MATERIALIZED VIEW doesn't go through
ExecCreateTableAs(), but does use CreateIntoRelDestReceiver().
That bypasses the SECURITY_RESTRICTED_OPERATION in ExecCreateTableAs().
That is *not* a security problem, because the
SECURITY_RESTRICTED_OPERATION in CREATE MATERIALIZED VIEW is merely for
consistency with a later REFRESH MATERIALIZED VIEW command where the
SECURITY_RESTRICTED_OPERATION is important.
But it is inconsistent. For example:
create or replace function set() returns int
language plpgsql as $$
begin
create temp table x(i int);
return 42;
end;
$$;
create materialized view mv1 as select set(); -- fails
explain analyze
create materialized view mv1 as select set(); -- succeeds
Relatedly, if we can EXPLAIN a CREATE MATERIALIZED VIEW, perhaps we
should be able to EXPLAIN a REFRESH MATERIALIZED VIEW, too?
Comments?
Regards,
Jeff Davis
