Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sMPcj-002BzY-Lw
	for pgsql-general@arkaria.postgresql.org; Wed, 26 Jun 2024 10:11:34 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sMPcg-003HMN-MI
	for pgsql-general@arkaria.postgresql.org; Wed, 26 Jun 2024 10:11:31 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <walther@technowledgy.de>)
	id 1sMPcg-003HMF-5t
	for pgsql-general@lists.postgresql.org; Wed, 26 Jun 2024 10:11:30 +0000
Received: from dd25110.kasserver.com ([85.13.146.49])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <walther@technowledgy.de>)
	id 1sMPce-003dHh-9e
	for pgsql-general@lists.postgresql.org; Wed, 26 Jun 2024 10:11:29 +0000
Received: from [192.168.0.101] (ip-037-201-153-175.um10.pools.vodafone-ip.de [37.201.153.175])
	by dd25110.kasserver.com (Postfix) with ESMTPSA id 35DA3E1A0325;
	Wed, 26 Jun 2024 12:11:27 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=technowledgy.de;
	s=kas202308201259; t=1719396687;
	bh=qZyZf7Bc0gB1Il/OfNu8b4JU6ih9ZhxDzkIrowOPrKc=;
	h=Date:From:Subject:To:References:In-Reply-To:From;
	b=DSdG2kCEcuDInpQnAcJsyMWwGDKOOaaVh32Kx6AcXaCsY+rhTTuGE8vFcW8i7+Ehq
	 0vrcmZOpAMmKB85JzJIajK2LnQoxq57hqkizKTPlb1277mPK9pXkFKiM35ObA7x4Lx
	 G/1z3c/xLSuwlWyTbe++uWFbu9yUApWM3CYLoMyZmG+SkY62QJMThA3ZsYI82t6z/h
	 3qCoSJJt4NpNheA6NGbO6OB+n77cL2Zg2debodHY9r1JTxT+udkMuMRhPWaWqCihqg
	 I/q2IZp0vTqnTJRqSxJUp2aZ9fE7rqHYsiJO3Rl8GgmqxdA2cxk/SQLd9lQ0kCbEht
	 iSvFZzKCtv7mw==
Message-ID: <0b7d3b22-3e98-4eca-bc14-9430c48c0217@technowledgy.de>
Date: Wed, 26 Jun 2024 12:11:26 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: walther@technowledgy.de
Subject: Re: current_role of caller of a DEFINER function
To: Dominique Devienne <ddevienne@gmail.com>,
 pgsql-general@lists.postgresql.org
References: <CAFCRh--0j77ueun+Ak0vRe_vi__Jks_HZjD9QbD+THR8gAWvRQ@mail.gmail.com>
Content-Language: en-US
In-Reply-To: <CAFCRh--0j77ueun+Ak0vRe_vi__Jks_HZjD9QbD+THR8gAWvRQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spamd-Bar: /
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/0b7d3b22-3e98-4eca-bc14-9430c48c0217%40technowledgy.de>
Precedence: bulk

Dominique Devienne:
> 1) Is there any way to know the current_role of the caller of a
> DEFINER function. I fear the answer is no, but better be sure from
> experts here.

You can do something like this:

CREATE DOMAIN current_user_only AS text
   CONSTRAINT current_user_only CHECK (VALUE = CURRENT_USER);

CREATE FUNCTION func(
   calling_user current_user_only DEFAULT CURRENT_USER
) ... SECURITY DEFINER;

The default value will be evaluated in the context of the calling user, 
the constraint forces it to never be set explicitly to something else.

Thus you can use calling_user inside your function.

Best,

Wolfgang