Florian Pflug <f...@phlo.org> writes: > On Jun28, 2012, at 17:29 , Tom Lane wrote: >> I believe it works today, because the executor only applies permissions >> checks during query startup. So those checks are executed while still >> within the SECURITY DEFINER context, and should behave as expected. >> Subsequently, the cursor portal is returned to caller and caller can >> execute it to completion, no problem.
> Don't we (sometimes?) defer query startup to the first time FETCH is > called? There are things inside individual plan node functions that may only happen when the first row is demanded, but permissions checks are done in ExecutorStart(). regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers