ExactaBox
Reputation: 3395
SECURITY DEFINER - privileges of the function's creator, or owner?
Postgres's official docs indicate that functions defined with SECURITY DEFINER run with privileges of the user who created it.
However other sources, such as here and here, claim it is the privileges of the owner of the function.
Which is correct?
(for 9.4+)
Upvotes: 19
Views: 13039
Answers (1)
klin
Reputation: 121574
Usually (initially) the creator is the owner. However, if the owner of the function has been changed, security definer applies to the new owner. Per the documentation:
new_owner - The new owner of the function. Note that if the function is marked SECURITY DEFINER, it will subsequently execute as the new owner.
Upvotes: 25
Related Questions
- PostgreSQL - DB user should only be allowed to call functions
- How postgresql give permission what execute a function in schema to user
- Execute Permission on Function not Enough in PostgreSQL?
- How to grant EXECUTE permissions for yet to be defined functions
- Permissions check postgresql function
- Why Postgres does not grant EXECUTE on function to PUBLIC as documented?
- postgresql privileges Ensuring inserts are only done through functions
- How to alter owner of a function in postgres
- How to do one user postgresql with privileges only execute functions
- PostgreSQL, how can i restrict access to code in a function for a user?