I'd like to be able to have a PL/pgSQL function defined as SECURITY DEFINER,
but still have access to the calling username within the function. Is this
possible?

I could pass current_user as a parameter, but of course this could easily be
bypassed.

Is there a way of coding this?

Thanks for any help

Adam


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to majordomo@postgresql.org)

On Wednesday 07 April 2004 11:23, Adam Witney wrote:[color=blue]
> I'd like to be able to have a PL/pgSQL function defined as SECURITY
> DEFINER, but still have access to the calling username within the function.
> Is this possible?
>
> I could pass current_user as a parameter, but of course this could easily
> be bypassed.
>
> Is there a way of coding this?[/color]

Just "SELECT CURRENT_USER" into a variable. You might want SESSION_USER
though.


--
Richard Huxton
Archonet Ltd

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to majordomo@postgresql.org)

On Wed, Apr 07, 2004 at 11:23:25 +0100,
Adam Witney <awitney@sghms.ac.uk> wrote:[color=blue]
>
> I'd like to be able to have a PL/pgSQL function defined as SECURITY DEFINER,
> but still have access to the calling username within the function. Is this
> possible?
>
> I could pass current_user as a parameter, but of course this could easily be
> bypassed.
>
> Is there a way of coding this?[/color]

You probably want session_user.

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend