Re: DEFINER / INVOKER conundrum
Christoph Moench-Tegeder <cmt@burggraben.net>
From: Christoph Moench-Tegeder <cmt@burggraben.net>
To: Dominique Devienne <ddevienne@gmail.com>
Cc: pgsql-general@lists.postgresql.org
Date: 2023-04-03T12:59:03Z
Lists: pgsql-general
## Dominique Devienne (ddevienne@gmail.com):
> On the one hand, I want a INVOKER security function,
> to be able to capture the login and current ROLEs.
There's session_user ("the session user's name") which remains unchanged
on a SECURITY DEFINER function, and current_user ("the user name of the
current execution context") which changes according to the security
context set by SECURITY DEFINER/INVOKER.
-> https://www.postgresql.org/docs/current/functions-info.html
Regards,
Christoph
--
Spare Space.