Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE
David G. Johnston <david.g.johnston@gmail.com>
From: "David G. Johnston" <david.g.johnston@gmail.com>
To: Steve Chavez <steve@supabase.io>
Cc: Laurenz Albe <laurenz.albe@cybertec.at>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2026-01-28T19:39:18Z
Lists: pgsql-hackers
On Wed, Jan 28, 2026 at 12:19 PM Steve Chavez <steve@supabase.io> wrote: > > I’d be more inclined to change this incompatibility than try to affect > action at a distance with a database setting. > > Could we instead have a shortcut for view creation like `CREATE SECURE > VIEW` (would be the same as WITH (security_invoker = true)`) ? This at > least makes it harder to forget specifying the option and also denotes that > by default views are insecure (since they're most likely created by > security_definer=superuser) > > Please don't top-post. Inventing alternative syntax with the same fundamental issue, just an arguably different failure threshold, is unappealing. David J.