Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/func.sgml | 18 | ||||
-rw-r--r-- | doc/src/sgml/ref/create_function.sgml | 26 | ||||
-rw-r--r-- | doc/src/sgml/release.sgml | 3 |
3 files changed, 35 insertions, 12 deletions
diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index 62c36063821..978441347a4 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/func.sgml,v 1.97 2002/05/13 19:22:06 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/func.sgml,v 1.98 2002/05/18 13:47:59 petere Exp $
 PostgreSQL documentation
 -->
@@ -4260,14 +4260,14 @@ SELECT NULLIF(value, '(none)') ...
 </indexterm>
 <para>
- The <function>session_user</> is the user that initiated a database
- connection; it is fixed for the duration of that connection. The
- <function>current_user</> is the user identifier that is applicable
- for permission checking. Currently it is always equal to the session
- user, but in the future there might be <quote>setuid</> functions and
- other facilities to allow the current user to change temporarily.
- In Unix parlance, the session user is the <quote>real user</>
- and the current user is the <quote>effective user</>.
+ The <function>session_user</> is the user that initiated a
+ database connection; it is fixed for the duration of that
+ connection. The <function>current_user</> is the user identifier
+ that is applicable for permission checking. Normally, it is equal
+ to the session user, but it changes during the execution of
+ functions with the attribute <literal>SECURITY DEFINER</literal>.
+ In Unix parlance, the session user is the <quote>real user</> and
+ the current user is the <quote>effective user</>.
 </para>
 <note>
diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml
index 495a1331464..b2d2314a733 100644
--- a/doc/src/sgml/ref/create_function.sgml
+++ b/doc/src/sgml/ref/create_function.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.38 2002/05/17 18:32:52 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.39 2002/05/18 13:47:59 petere Exp $
 -->
 <refentry id="SQL-CREATEFUNCTION">
@@ -21,6 +21,7 @@ CREATE [ OR REPLACE ] FUNCTION <replaceable class="parameter">name</replaceable>
 | IMMUTABLE | STABLE | VOLATILE | CALLED ON NULL INPUT | RETURNS NULL ON NULL INPUT | STRICT | IMPLICIT CAST
+ | [EXTERNAL] SECURITY INVOKER | [EXTERNAL] SECURITY DEFINER
 | AS '<replaceable class="parameter">definition</replaceable>' | AS '<replaceable class="parameter">obj_file</replaceable>', '<replaceable class="parameter">link_symbol</replaceable>' } ...
@@ -199,6 +200,27 @@ CREATE [ OR REPLACE ] FUNCTION <replaceable class="parameter">name</replaceable>
 </listitem>
 </varlistentry>
+ <varlistentry>
+ <term><optional>EXTERNAL</optional> SECURITY INVOKER</term>
+ <term><optional>EXTERNAL</optional> SECURITY DEFINER</term>
+
+ <listitem>
+ <para>
+ <literal>SECURITY INVOKER</literal> indicates that the function
+ is to be executed with the privileges of the user that calls it.
+ That is the default. <literal>SECURITY DEFINER</literal>
+ specifies that the function is to be executed with the
+ privileges of the user that created it.
+ </para>
+
+ <para>
+ The key word <literal>EXTERNAL</literal> is present for SQL
+ compatibility but is optional since, unlike in SQL, this feature
+ does not only apply to external functions.
+ </para>
+ </listitem>
+ </varlistentry>
+
 <varlistentry>
 <term><replaceable class="parameter">definition</replaceable></term>
@@ -372,7 +394,7 @@ CREATE [ OR REPLACE ] FUNCTION <replaceable class="parameter">name</replaceable>
 </para>
 </refsect1>
- <refsect1 id="sql-createfunction-cast-function">
+ <refsect1 id="sql-createfunction-cast-functions">
 <title id="sql-createfunction-cast-functions-title">
 Type Cast Functions
 </title>
diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml
index 9b75049938a..b25b7ef5e38 100644
--- a/doc/src/sgml/release.sgml
+++ b/doc/src/sgml/release.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.136 2002/05/17 18:32:52 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.137 2002/05/18 13:47:59 petere Exp $
 -->
 <appendix id="release">
@@ -24,6 +24,7 @@ CDATA means the content is "SGML-free", so you can write without worries about funny characters.
 -->
 <literallayout><![CDATA[
+Functions can be executed with the privileges of the owner
 Syntax of CREATE FUNCTION has been extended to resemble SQL99
 Effects of SET within a transaction block now roll back if transaction aborts
 New SET LOCAL syntax sets a parameter for the life of the current transaction |