Simon Riggs wrote:
Clearly this is a must-fix issue, but I'm wondering exactly where the
check should be enforced. Is it sufficient to check at the time of
CREATE AGGREGATE that the creator has appropriate rights, or do we need
to do it every time the aggregate is used?
Well spotted.
Check should be once for each SQL statement in which the function is
attempted to be used. Otherwise, an administrator might revoke EXECUTE
privilege on a function that was used as part of an AGGREGATE, then
discover that the user could still execute it in the way you suggest.
Or some sort of CASCADE should be required.
--
Richard Huxton
Archonet Ltd
---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings
