Home > mailing lists

Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function - Mailing list pgsql-general

From	Adrian Klaver
Subject	Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function
Date	July 31 18:45:46
Msg-id	ff87bba0-9b9b-4dac-9f47-d2eefef42378@aklaver.com Whole thread Raw
In response to	Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function ("David G. Johnston" <david.g.johnston@gmail.com>)
List	pgsql-general

Tree view

On 7/31/25 08:06, David G. Johnston wrote:
> On Thursday, July 31, 2025, Adrian Klaver <adrian.klaver@aklaver.com 
> <mailto:adrian.klaver@aklaver.com>> wrote:

>     So the below from the original post was not correct:
> 
>     "My setup ensures that the role I SET LOCAL ROLE to, has (indirectly)
>     been granted DMLs on that table."
> 
> 
> Not incorrect, just insufficient since select is not a DML action.

1) Seems to be some difference on that:

https://www.contrib.andrew.cmu.edu/~shadow/sql/sql1992.txt

13  Data manipulation

13.5  <select statement: single row>

Function

          Retrieve values from a specified row of a table.

2) What if you do SELECT some_data_mod_fnc()?

3) In the case at hand there was an implied SELECT as part of the DELETE.

> 
> David J.
> 


-- 
Adrian Klaver
adrian.klaver@aklaver.com

pgsql-general by date:

From: "David G. Johnston"
Date: 31 July, 18:06:45
Subject: Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function

From: Dominique Devienne
Date: 31 July, 18:54:27
Subject: Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function

Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function - Mailing list pgsql-general

Previous

Next