aboutsummaryrefslogtreecommitdiff
path: root/src/backend/tcop/postgres.c
diff options
context:
space:
mode:
authorNoah Misch <noah@leadboat.com>2013-07-12 18:21:22 -0400
committerNoah Misch <noah@leadboat.com>2013-07-12 18:21:22 -0400
commitf3ab5d46960023cf8a9df3751ab9748ce01a46a0 (patch)
tree484f5381fe26bd82dd20889a4c5bc1d8b974e948 /src/backend/tcop/postgres.c
parent448fee2e238ae4797e68d7d15b49f2fc52691547 (diff)
downloadpostgresql-f3ab5d46960023cf8a9df3751ab9748ce01a46a0.tar.gz
postgresql-f3ab5d46960023cf8a9df3751ab9748ce01a46a0.zip
Switch user ID to the object owner when populating a materialized view.
This makes superuser-issued REFRESH MATERIALIZED VIEW safe regardless of the object's provenance. REINDEX is an earlier example of this pattern. As a downside, functions called from materialized views must tolerate running in a security-restricted operation. CREATE MATERIALIZED VIEW need not change user ID. Nonetheless, avoid creation of materialized views that will invariably fail REFRESH by making it, too, start a security-restricted operation. Back-patch to 9.3 so materialized views have this from the beginning. Reviewed by Kevin Grittner.
Diffstat (limited to 'src/backend/tcop/postgres.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-25 16:04:07 +0000