public inbox for [email protected]
help / color / mirror / Atom feedFrom: [email protected]
To: Dominique Devienne <[email protected]>
To: [email protected]
Subject: Re: current_role of caller of a DEFINER function
Date: Wed, 26 Jun 2024 12:11:26 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAFCRh--0j77ueun+Ak0vRe_vi__Jks_HZjD9QbD+THR8gAWvRQ@mail.gmail.com>
References: <CAFCRh--0j77ueun+Ak0vRe_vi__Jks_HZjD9QbD+THR8gAWvRQ@mail.gmail.com>
Dominique Devienne:
> 1) Is there any way to know the current_role of the caller of a
> DEFINER function. I fear the answer is no, but better be sure from
> experts here.
You can do something like this:
CREATE DOMAIN current_user_only AS text
CONSTRAINT current_user_only CHECK (VALUE = CURRENT_USER);
CREATE FUNCTION func(
calling_user current_user_only DEFAULT CURRENT_USER
) ... SECURITY DEFINER;
The default value will be evaluated in the context of the calling user,
the constraint forces it to never be set explicitly to something else.
Thus you can use calling_user inside your function.
Best,
Wolfgang
view thread (3+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: current_role of caller of a DEFINER function
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox