diff options
| author | Noah Misch <noah@leadboat.com> | 2013-07-12 18:21:22 -0400 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2013-07-12 18:21:22 -0400 |
| commit | f3ab5d46960023cf8a9df3751ab9748ce01a46a0 (patch) | |
| tree | 484f5381fe26bd82dd20889a4c5bc1d8b974e948 /doc/src | |
| parent | 448fee2e238ae4797e68d7d15b49f2fc52691547 (diff) | |
| download | postgresql-f3ab5d46960023cf8a9df3751ab9748ce01a46a0.tar.gz postgresql-f3ab5d46960023cf8a9df3751ab9748ce01a46a0.zip | |
Switch user ID to the object owner when populating a materialized view.
This makes superuser-issued REFRESH MATERIALIZED VIEW safe regardless of
the object's provenance. REINDEX is an earlier example of this pattern.
As a downside, functions called from materialized views must tolerate
running in a security-restricted operation. CREATE MATERIALIZED VIEW
need not change user ID. Nonetheless, avoid creation of materialized
views that will invariably fail REFRESH by making it, too, start a
security-restricted operation.
Back-patch to 9.3 so materialized views have this from the beginning.
Reviewed by Kevin Grittner.
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/ref/create_materialized_view.sgml | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/src/sgml/ref/create_materialized_view.sgml b/doc/src/sgml/ref/create_materialized_view.sgml index 0ed764b3533..b742e17ac82 100644 --- a/doc/src/sgml/ref/create_materialized_view.sgml +++ b/doc/src/sgml/ref/create_materialized_view.sgml @@ -105,7 +105,9 @@ CREATE MATERIALIZED VIEW <replaceable>table_name</replaceable> <listitem> <para> A <xref linkend="sql-select">, <link linkend="sql-table">TABLE</link>, - or <xref linkend="sql-values"> command. + or <xref linkend="sql-values"> command. This query will run within a + security-restricted operation; in particular, calls to functions that + themselves create temporary tables will fail. </para> </listitem> </varlistentry> |