I said:
> And I have not yet been able to think of a concrete case where the
> existing behavior (execute as calling user) is better.

Okay, I've thought of one: consider the situation where you want to
label each row in a table with the ID of the user who inserted it.
Right now, you can do
        who     name    default current_user,
or for greater security use a trigger to set the column value.
This will stop working if defaults and triggers run as the table
owner.  (You could maybe use session_user instead, but it's not
clear that that's the right thing if the user is calling setuid
functions that do things on his behalf.)

However this is only one example; I still think Bruno's got a good

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?


Reply via email to