From: Dominique Devienne
Date: Thu, 31 Jul 2025 17:54:27 +0200
Subject: Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function
To: Adrian Klaver
Cc: Guillaume Lelarge, pgsql-general@lists.postgresql.org

On Thu, Jul 31, 2025 at 4:13 PM Adrian Klaver wrote:
> On 7/31/25 04:37, Dominique Devienne wrote:
> So the below from the original post was not correct:
>
> "My setup ensures that the role I SET LOCAL ROLE to, has (indirectly)
> been granted DMLs on that table."

Not so. DML is Data Modification Language.
I did grant INSERT, UPDATE, DELETE.
As opposed to DQL, Data Query Language.
And yes, I failed to grant SELECT.

Normally SELECT comes from yet another role.
But not in this specific case.
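
Added example, not part of the thread: a psql script showing one way a role that holds only INSERT, UPDATE and DELETE runs into the missing SELECT after SET LOCAL ROLE inside a SECURITY INVOKER plpgsql function. The names demo_writer, demo_items and demo_touch are hypothetical, and the script assumes a superuser session with ON_ERROR_STOP off.

```sql
-- Constructed objects with hypothetical names; everything is rolled back at the end.
BEGIN;

CREATE ROLE demo_writer NOLOGIN;
CREATE TABLE demo_items (id int PRIMARY KEY, label text);

-- "DML" only, as described in the message: no SELECT.
GRANT INSERT, UPDATE, DELETE ON demo_items TO demo_writer;

CREATE FUNCTION demo_touch(p_id int) RETURNS void
LANGUAGE plpgsql SECURITY INVOKER AS $$
BEGIN
    SET LOCAL ROLE demo_writer;
    -- The WHERE clause reads demo_items.id. PostgreSQL requires SELECT on any
    -- column read in an UPDATE's condition, in addition to UPDATE itself.
    UPDATE demo_items SET label = 'touched' WHERE id = p_id;
END;
$$;

-- Audit what the role holds before relying on it.
SELECT p AS privilege,
       has_table_privilege('demo_writer', 'demo_items', p) AS granted
FROM unnest(ARRAY['INSERT', 'UPDATE', 'DELETE', 'SELECT']) AS p;

INSERT INTO demo_items VALUES (1, 'new');

-- With only INSERT/UPDATE/DELETE granted, this call is rejected by the
-- privilege check on the UPDATE inside the function.
SAVEPOINT before_call;
SELECT demo_touch(1);
-- Rolling back to the savepoint clears the error and the SET LOCAL ROLE.
ROLLBACK TO SAVEPOINT before_call;

-- Grant the missing privilege and repeat the same call.
GRANT SELECT ON demo_items TO demo_writer;
SELECT demo_touch(1);

-- SET LOCAL ROLE lasts until the end of the transaction, so switch back
-- before inspecting the table as the session user.
RESET ROLE;
SELECT id, label FROM demo_items;

ROLLBACK;
```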