Stephen Frost <sfrost@snowman.net> writes:
> What I believe Kevin is getting at here is this:
> There's no way to say "run this function as user X" except by making it
> SECURITY DEFINER and owned by the user you want the function to run as.
> If we had an independent way to have the function run as a specific
> user, where that user DIDN'T own the function, I think Kevin's use case
> would be satisfied.
Interesting thought. I'm not exactly sure who should be allowed to
apply the "RUN AS other-user" option to a function, but I can see the
possible value of separating the right to modify the function's
definition from the user the function runs as. Kevin, does this seem
like it would address your concern?
regards, tom lane