Switch user ID to the object owner when populating a materialized view. This makes superuser-issued REFRESH MATERIALIZED VIEW safe regardless of the object's provenance. REINDEX is an earlier example of this pattern. As a downside, functions called from materialized views must tolerate running in a security-restricted operation. CREATE MATERIALIZED VIEW need not change user ID. Nonetheless, avoid creation of materialized views that will invariably fail REFRESH by making it, too, start a security-restricted operation.
Back-patch to 9.3 so materialized views have this from the beginning. Reviewed by Kevin Grittner. Branch ------ master Details ------- http://git.postgresql.org/pg/commitdiff/f3ab5d46960023cf8a9df3751ab9748ce01a46a0 Modified Files -------------- doc/src/sgml/ref/create_materialized_view.sgml | 4 +++- src/backend/commands/createas.c | 30 ++++++++++++++++++++++++ src/backend/commands/matview.c | 19 +++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
