On Fri, Sep 23, 2016 at 08:31:02PM -0400, Bruce Momjian wrote: > Nathan Wagner told me that two places in the create function docs say > permissions are controlled by the function creator, while permissions > are really controlled by the function owner. > > The attached patch fixes this.
Applied. --------------------------------------------------------------------------- > > -- > Bruce Momjian <[email protected]> http://momjian.us > EnterpriseDB http://enterprisedb.com > > + As you are, so once was I. As I am, so you will be. + > + Ancient Roman grave inscription + > diff --git a/doc/src/sgml/ref/create_function.sgml > b/doc/src/sgml/ref/create_function.sgml > new file mode 100644 > index 8108a43..b9d8833 > *** a/doc/src/sgml/ref/create_function.sgml > --- b/doc/src/sgml/ref/create_function.sgml > *************** CREATE [ OR REPLACE ] FUNCTION > *** 401,407 **** > is to be executed with the privileges of the user that calls it. > That is the default. <literal>SECURITY DEFINER</literal> > specifies that the function is to be executed with the > ! privileges of the user that created it. > </para> > > <para> > --- 401,407 ---- > is to be executed with the privileges of the user that calls it. > That is the default. <literal>SECURITY DEFINER</literal> > specifies that the function is to be executed with the > ! privileges of the user that owns it. > </para> > > <para> > *************** SELECT * FROM dup(42); > *** 747,753 **** > > <para> > Because a <literal>SECURITY DEFINER</literal> function is executed > ! with the privileges of the user that created it, care is needed to > ensure that the function cannot be misused. For security, > <xref linkend="guc-search-path"> should be set to exclude any schemas > writable by untrusted users. This prevents > --- 747,753 ---- > > <para> > Because a <literal>SECURITY DEFINER</literal> function is executed > ! with the privileges of the user that owns it, care is needed to > ensure that the function cannot be misused. For security, > <xref linkend="guc-search-path"> should be set to exclude any schemas > writable by untrusted users. This prevents > > -- > Sent via pgsql-docs mailing list ([email protected]) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-docs -- Bruce Momjian <[email protected]> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription + -- Sent via pgsql-docs mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
