Mike,
> I think most people coming from any other enterprise-class RDBMS
> environment will be surprised that they cannot use VIEWs to provide
> user-specific views on data. I could be wrong, but I'd put money on it...
Well, I'd say that giving regular users the "create" permission on your
database/schema is unwise, period. I don't, even when the only user is
"phpuser". SQL injections attacks are no fun.
Also, as Andrew points out, this can't be used to circumvent view-based
security if you've set it up correctly; if the user can't "select * from
table", then he can't write a function to "select * from table."
--
Josh Berkus
Aglio Database Solutions
San Francisco