Re: Directory/File Access Permissions for COPY and Generic File Access Functions

On 10/27/14 7:27 AM, Stephen Frost wrote:
> * Peter Eisentraut (peter_e@gmx.net) wrote:
>> On 10/16/14 12:01 PM, Stephen Frost wrote:
>>> This started out as a request for a non-superuser to be able to review
>>> the log files without needing access to the server.
>>
>> I think that can be done with a security-definer function.
> 
> Of course it can be.  We could replace the entire authorization system
> with security definer functions too.

I don't think that is correct.

It's easy to do something with security definer functions if it's single
purpose, with a single argument, like load this file into this table,
let these users do it.

It's not easy to do it with functions if you have many parameters, like
in a general SELECT statement.

So I would like to see at least three wildly different use cases for
this before believing that a security definer function isn't appropriate.

> I don't view this as an argument
> against this feature, particularly as we know other systems have it,
> users have asked for multiple times, and large PG deployments have had
> to hack around our lack of it.

What other systems have it?  Do you have links to their documentation?