Fix for function ownership

Bruce Momjian <bruce@momjian.us> writes:

Nathan Wagner told me that two places in the create function docs say
permissions are controlled by the function creator, while permissions
are really controlled by the function owner.

The attached patch fixes this.

Looks like an improvement to me. Are there any other places with
similar wording?

regards, tom lane

--
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs

On Fri, Sep 23, 2016 at 09:23:25PM -0400, Tom Lane wrote:

Bruce Momjian <bruce@momjian.us> writes:

Nathan Wagner told me that two places in the create function docs say
permissions are controlled by the function creator, while permissions
are really controlled by the function owner.

The attached patch fixes this.

Looks like an improvement to me. Are there any other places with
similar wording?

I couldn't find any others. I looked for "user that created".

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +

--
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs

On Fri, Sep 23, 2016 at 08:31:02PM -0400, Bruce Momjian wrote:

Nathan Wagner told me that two places in the create function docs say
permissions are controlled by the function creator, while permissions
are really controlled by the function owner.

The attached patch fixes this.

Applied.

---------------------------------------------------------------------------

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +

diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml
new file mode 100644
index 8108a43..b9d8833
*** a/doc/src/sgml/ref/create_function.sgml
--- b/doc/src/sgml/ref/create_function.sgml
*************** CREATE [ OR REPLACE ] FUNCTION
*** 401,407 ****
is to be executed with the privileges of the user that calls it.
That is the default.  <literal>SECURITY DEFINER</literal>
specifies that the function is to be executed with the
!       privileges of the user that created it.
</para>

<para>
--- 401,407 ----
is to be executed with the privileges of the user that calls it.
That is the default.  <literal>SECURITY DEFINER</literal>
specifies that the function is to be executed with the
!       privileges of the user that owns it.
</para>

<para>
*************** SELECT * FROM dup(42);
*** 747,753 ****

<para>
Because a <literal>SECURITY DEFINER</literal> function is executed
!     with the privileges of the user that created it, care is needed to
ensure that the function cannot be misused.  For security,
<xref linkend="guc-search-path"> should be set to exclude any schemas
writable by untrusted users.  This prevents
--- 747,753 ----

<para>
Because a <literal>SECURITY DEFINER</literal> function is executed
! with the privileges of the user that owns it, care is needed to
ensure that the function cannot be misused. For security,
<xref linkend="guc-search-path"> should be set to exclude any schemas
writable by untrusted users. This prevents

--
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +

--
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs