Home > mailing lists

Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan? - Mailing list pgsql-general

From	Tom Lane
Subject	Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan?
Date	November 22, 2013 02:11:47
Msg-id	15466.1385086304@sss.pgh.pa.us Whole thread Raw
In response to	Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan? (Joe Van Dyk <joe@tanga.com>)
Responses	Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan?
List	pgsql-general

Tree view

Joe Van Dyk <joe@tanga.com> writes:
> I had a function that was set to SECURITY INVOKER. I needed to give access
> to a view that uses this function to a role, so I made the function
> SECURITY DEFINER.

> The function is STABLE and is usually inlined and takes 2 ms to run.

> Immediately, the function quit being inlined and took 1500ms to run.

> Changing the function back to SECURITY DEFINER let the function be inlined
> again.

> On postgresql 9.3.1.

> Is this expected behavior?

Yes.  SECURITY DEFINER functions can't be inlined --- there would be
noplace to effect the change of user ID.

            regards, tom lane

pgsql-general by date:

From: Joe Van Dyk
Date: 22 November 2013, 02:09:26
Subject: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan?

From: Joe Van Dyk
Date: 22 November 2013, 02:15:18
Subject: Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan?

Re: Changing function from SECURITY DEFINER to SECURITY INVOKER changes query plan? - Mailing list pgsql-general

Previous

Next