Switch user ID to the object owner when populating a materialized view. This makes superuser-issued REFRESH MATERIALIZED VIEW safe regardless of the object's provenance. REINDEX is an earlier example of this pattern. As a downside, functions called from materialized views must tolerate running in a security-restricted operation. CREATE MATERIALIZED VIEW need not change user ID. Nonetheless, avoid creation of materialized views that will invariably fail REFRESH by making it, too, start a security-restricted operation.
Back-patch to 9.3 so materialized views have this from the beginning. Reviewed by Kevin Grittner. Branch ------ REL9_3_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/fb7c0ac42e1a8e3cde74e83e2c758ada8c62a35e Modified Files -------------- doc/src/sgml/ref/create_materialized_view.sgml | 4 +++- src/backend/commands/createas.c | 30 ++++++++++++++++++++++++ src/backend/commands/matview.c | 19 +++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
