Switch user ID to the object owner when populating a materialized view.
Noah Misch <noah@leadboat.com>
Switch user ID to the object owner when populating a materialized view. This makes superuser-issued REFRESH MATERIALIZED VIEW safe regardless of the object's provenance. REINDEX is an earlier example of this pattern. As a downside, functions called from materialized views must tolerate running in a security-restricted operation. CREATE MATERIALIZED VIEW need not change user ID. Nonetheless, avoid creation of materialized views that will invariably fail REFRESH by making it, too, start a security-restricted operation. Back-patch to 9.3 so materialized views have this from the beginning. Reviewed by Kevin Grittner.
Files
| Path | Change | +/− |
|---|---|---|
| doc/src/sgml/ref/create_materialized_view.sgml | modified | +3 −1 |
| src/backend/commands/createas.c | modified | +30 −0 |
| src/backend/commands/matview.c | modified | +19 −0 |