Re: CREATE FUNCTION ... SEARCH { DEFAULT | SYSTEM | SESSION }
| От | Joe Conway |
|---|---|
| Тема | Re: CREATE FUNCTION ... SEARCH { DEFAULT | SYSTEM | SESSION } |
| Дата | |
| Msg-id | 49d4652c-043b-eb73-264a-37843606f6a9@joeconway.com обсуждение исходный текст |
| Ответ на | Re: CREATE FUNCTION ... SEARCH { DEFAULT | SYSTEM | SESSION } (Jeff Davis <pgsql@j-davis.com>) |
| Список | pgsql-hackers |
On 9/25/23 14:03, Jeff Davis wrote: > On Mon, 2023-09-25 at 12:00 -0400, Joe Conway wrote: >> Should there be a way to have a separate "execution" search_path? > > I hadn't considered that and I like that idea for a few reasons: > > * a lot of the problem cases are for functions that don't need to > access tables at all, e.g., in an index expression. > * it avoids annoyances with pg_temp, because that's not searched for > functions/operators anyway > * perhaps we could force the object search_path to be empty for > IMMUTABLE functions? > > I haven't thought it through in detail, but it seems like a promising > approach. Related to this, it would be useful if you could grant create on schema for only non-executable objects. You may want to allow a user to create their own tables but not allow them to create their own functions, for example. Right now "GRANT CREATE ON SCHEMA foo" gives the grantee the ability to create "all the things". -- Joe Conway PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com
В списке pgsql-hackers по дате отправления: