From e8ac187c68fdfcda800132d6c3c2e6d45aaf563f Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter_e@gmx.net>
Date: Sat, 18 May 2002 13:48:01 +0000
Subject: Allow functions to be executed with the privileges of the function
 owner. I took the opportunity to remove the pg_proc.proistrusted field.

---
 doc/src/sgml/func.sgml                | 18 +++++++++---------
 doc/src/sgml/ref/create_function.sgml | 26 ++++++++++++++++++++++++--
 doc/src/sgml/release.sgml             |  3 ++-
 3 files changed, 35 insertions(+), 12 deletions(-)

(limited to 'doc/src')

diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index 62c36063821..978441347a4 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/func.sgml,v 1.97 2002/05/13 19:22:06 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/func.sgml,v 1.98 2002/05/18 13:47:59 petere Exp $
 PostgreSQL documentation
 -->
 
@@ -4260,14 +4260,14 @@ SELECT NULLIF(value, '(none)') ...
    </indexterm>
 
    <para>
-    The <function>session_user</> is the user that initiated a database
-    connection; it is fixed for the duration of that connection. The
-    <function>current_user</> is the user identifier that is applicable
-    for permission checking. Currently it is always equal to the session
-    user, but in the future there might be <quote>setuid</> functions and
-    other facilities to allow the current user to change temporarily.
-    In Unix parlance, the session user is the <quote>real user</>
-    and the current user is the <quote>effective user</>.
+    The <function>session_user</> is the user that initiated a
+    database connection; it is fixed for the duration of that
+    connection. The <function>current_user</> is the user identifier
+    that is applicable for permission checking. Normally, it is equal
+    to the session user, but it changes during the execution of
+    functions with the attribute <literal>SECURITY DEFINER</literal>.
+    In Unix parlance, the session user is the <quote>real user</> and
+    the current user is the <quote>effective user</>.
    </para>
 
    <note>
diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml
index 495a1331464..b2d2314a733 100644
--- a/doc/src/sgml/ref/create_function.sgml
+++ b/doc/src/sgml/ref/create_function.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.38 2002/05/17 18:32:52 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.39 2002/05/18 13:47:59 petere Exp $
 -->
 
 <refentry id="SQL-CREATEFUNCTION">
@@ -21,6 +21,7 @@ CREATE [ OR REPLACE ] FUNCTION <replaceable class="parameter">name</replaceable>
     | IMMUTABLE | STABLE | VOLATILE
     | CALLED ON NULL INPUT | RETURNS NULL ON NULL INPUT | STRICT
     | IMPLICIT CAST
+    | [EXTERNAL] SECURITY INVOKER | [EXTERNAL] SECURITY DEFINER
     | AS '<replaceable class="parameter">definition</replaceable>'
     | AS '<replaceable class="parameter">obj_file</replaceable>', '<replaceable class="parameter">link_symbol</replaceable>'
   } ...
@@ -199,6 +200,27 @@ CREATE [ OR REPLACE ] FUNCTION <replaceable class="parameter">name</replaceable>
      </listitem>
     </varlistentry>
 
+   <varlistentry>
+    <term><optional>EXTERNAL</optional> SECURITY INVOKER</term>
+    <term><optional>EXTERNAL</optional> SECURITY DEFINER</term>
+
+    <listitem>
+     <para>
+      <literal>SECURITY INVOKER</literal> indicates that the function
+      is to be executed with the privileges of the user that calls it.
+      That is the default.  <literal>SECURITY DEFINER</literal>
+      specifies that the function is to be executed with the
+      privileges of the user that created it.
+     </para>
+
+     <para>
+      The key word <literal>EXTERNAL</literal> is present for SQL
+      compatibility but is optional since, unlike in SQL, this feature
+      does not only apply to external functions.
+     </para>
+    </listitem>
+   </varlistentry>
+
     <varlistentry>
      <term><replaceable class="parameter">definition</replaceable></term>
 
@@ -372,7 +394,7 @@ CREATE [ OR REPLACE ] FUNCTION <replaceable class="parameter">name</replaceable>
   </para>
  </refsect1>
 
- <refsect1 id="sql-createfunction-cast-function">
+ <refsect1 id="sql-createfunction-cast-functions">
   <title id="sql-createfunction-cast-functions-title">
    Type Cast Functions
   </title>
diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml
index 9b75049938a..b25b7ef5e38 100644
--- a/doc/src/sgml/release.sgml
+++ b/doc/src/sgml/release.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.136 2002/05/17 18:32:52 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.137 2002/05/18 13:47:59 petere Exp $
 -->
 
 <appendix id="release">
@@ -24,6 +24,7 @@ CDATA means the content is "SGML-free", so you can write without
 worries about funny characters.
 -->
 <literallayout><![CDATA[
+Functions can be executed with the privileges of the owner
 Syntax of CREATE FUNCTION has been extended to resemble SQL99
 Effects of SET within a transaction block now roll back if transaction aborts
 New SET LOCAL syntax sets a parameter for the life of the current transaction
-- 
cgit v1.2.3