> -----Original Message-----
> From: Tom Lane [mailto:t...@sss.pgh.pa.us]
> Actually, I don't find that to be a given.  Exactly what use-cases have
> you got that aren't solved as well or better by calling a SECURITY DEFINER
> function owned by the target role?

Oh, that's easy: If you want to do the equivalent of setreuid(geteuid(), 
getuid()); that is, if you want to drop privileges for a particular operation. 
Our particular use case is that we want to evaluate an expression provided by 
the caller but with the caller's privileges.

Cheers,

--Ian

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to