On Wed, Oct 18, 2017 at 01:43:30PM -0700, David G. Johnston wrote: > Regardless of the merits of the proposed feature, the function > "session_user" is SQL-defined and should not be modified or enhanced. > > I could see "calling_role()" being useful - it returns the same value > as "current_role" normally and in security invoker functions while in > a security definer function it would return whatever current_role > would have returned if the function was a security invoker (i.e., the > role that the system will put back into effect once the security > definer function returns).
That... could be awkward where lots of SECURITY DEFINER functions may be user-callable, but also called from each other. But it would be minimally useful. More useful than this, for me, would be a way to get the top-most user. > Introducing the concept of a stack at the SQL level here seems, at > first glance, to be over-complicating things. Because of the current implementation of invocation of SECURITY DEFINER functions, a stack is trivial to build, since it's a list of nodes allocated on the C stack in fmgr_security_definer(). Nico -- -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers