Nathan Wagner told me that two places in the create function docs say
permissions are controlled by the function creator, while permissions
are really controlled by the function owner.
The attached patch fixes this.
--
Bruce Momjian <br...@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml
new file mode 100644
index 8108a43..b9d8833
*** a/doc/src/sgml/ref/create_function.sgml
--- b/doc/src/sgml/ref/create_function.sgml
*************** CREATE [ OR REPLACE ] FUNCTION
*** 401,407 ****
is to be executed with the privileges of the user that calls it.
That is the default. <literal>SECURITY DEFINER</literal>
specifies that the function is to be executed with the
! privileges of the user that created it.
</para>
<para>
--- 401,407 ----
is to be executed with the privileges of the user that calls it.
That is the default. <literal>SECURITY DEFINER</literal>
specifies that the function is to be executed with the
! privileges of the user that owns it.
</para>
<para>
*************** SELECT * FROM dup(42);
*** 747,753 ****
<para>
Because a <literal>SECURITY DEFINER</literal> function is executed
! with the privileges of the user that created it, care is needed to
ensure that the function cannot be misused. For security,
<xref linkend="guc-search-path"> should be set to exclude any schemas
writable by untrusted users. This prevents
--- 747,753 ----
<para>
Because a <literal>SECURITY DEFINER</literal> function is executed
! with the privileges of the user that owns it, care is needed to
ensure that the function cannot be misused. For security,
<xref linkend="guc-search-path"> should be set to exclude any schemas
writable by untrusted users. This prevents
--
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs
