Thanks for the reply
> VIEWs operate as if they were "SECURITY DEFINER".
My concern is that the view is not acting as a security barrier underneath
which all access is evaluated using the view owner context; in some
circumstances (when the view calls a function) the access is evaluated using
t
On 2/22/21 10:32 PM, David Wheeler wrote:
> I’m seeing some inconsistency with how permissions are enforced within views.
> In
> particular, if the view accesses a table directly, then the table is
> accessible,
> however if the view uses a function to access the table then permission is
> denie
