Securing Functions

When you call a function (or execute a trigger), that function typically operates with the privileges granted to your user ID or group. That means, for example, that a function can't UPDATE values in a given table unless you hold UPDATE privileges for that table. That's usually a good thing—you don't want a user to suddenly gain extra privileges just by calling a function. But it can also be inconvenient.
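The behavior described above, as an added psql script that is not from the book: a role holding only SELECT on a table calls a function that performs an UPDATE, and the privilege check inside the function is made against the caller. It assumes a scratch database and a superuser session; `demo_ledger`, `demo_reader` and `demo_adjust` are hypothetical names, and everything is rolled back at the end.

```sql
-- Added example with constructed objects; all names are hypothetical.
BEGIN;

CREATE TABLE demo_ledger (
    account_id int PRIMARY KEY,
    balance    numeric NOT NULL
);
INSERT INTO demo_ledger VALUES (1, 100.00);

-- A limited role: it may read the table but holds no UPDATE privilege.
CREATE ROLE demo_reader NOLOGIN;
GRANT SELECT ON demo_ledger TO demo_reader;

-- No SECURITY clause is given, so the function runs with the
-- privileges of whoever calls it (the PostgreSQL default).
CREATE FUNCTION demo_adjust(p_account int, p_delta numeric)
RETURNS numeric
LANGUAGE sql AS $$
    UPDATE demo_ledger
       SET balance = balance + p_delta
     WHERE account_id = p_account
 RETURNING balance;
$$;

-- Audit check: prosecdef is false for functions that run as the caller.
SELECT proname, prosecdef FROM pg_proc WHERE proname = 'demo_adjust';

-- Act as the limited role for the rest of the transaction.
SET LOCAL ROLE demo_reader;
SELECT has_table_privilege(current_user, 'demo_ledger', 'UPDATE');

-- The call is rejected with a permission-denied error: the UPDATE inside
-- the function is checked against demo_reader, not the function's owner.
SAVEPOINT before_call;
SELECT demo_adjust(1, -25.00);
ROLLBACK TO SAVEPOINT before_call;

-- The row is unchanged, and reading it is still allowed.
SELECT balance FROM demo_ledger WHERE account_id = 1;

-- Back as the table owner, the same call succeeds.
RESET ROLE;
SELECT demo_adjust(1, -25.00);

ROLLBACK;  -- discard the demo table, role and function
```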

Say you're storing bookkeeping information in a PostgreSQL database and you've created a number of stored procedures (functions) to manage that data. You're running a large company with its own accounting department and you've created a group named CLERKS that holds limited privileges. In particular, a CLERK can SELECT values ...

Get PostgreSQL, Second Edition now with the O’Reilly learning platform.
