Switch user ID to the object owner when populating a materialized view.

This makes superuser-issued REFRESH MATERIALIZED VIEW safe regardless of the object's provenance. REINDEX is an earlier example of this pattern. As a downside, functions called from materialized views must tolerate running in a security-restricted operation. CREATE MATERIALIZED VIEW need not change user ID. Nonetheless, avoid creation of materialized views that will invariably fail REFRESH by making it, too, start a security-restricted operation. Back-patch to 9.3 so materialized views have this from the beginning. Reviewed by Kevin Grittner.
author: Noah Misch 2013-07-12 22:21:22 +0000
committer: Noah Misch 2013-07-12 22:25:41 +0000
commit: fb7c0ac42e1a8e3cde74e83e2c758ada8c62a35e (patch)
tree: b1d0681b57e7db1524b7afa9ae968ba536eabe8b /doc/src
parent: 7484f89daa33477e0027a86ae772f44fa99224ed (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/src/sgml/ref/create_materialized_view.sgml b/doc/src/sgml/ref/create_materialized_view.sgml
index 0ed764b3533..b742e17ac82 100644
--- a/doc/src/sgml/ref/create_materialized_view.sgml
+++ b/doc/src/sgml/ref/create_materialized_view.sgml
@@ -105,7 +105,9 @@ CREATE MATERIALIZED VIEW <replaceable>table_name</replaceable>
     <listitem>
      <para>
       A <xref linkend="sql-select">, <link linkend="sql-table">TABLE</link>,
-      or <xref linkend="sql-values"> command.
+      or <xref linkend="sql-values"> command.  This query will run within a
+      security-restricted operation; in particular, calls to functions that
+      themselves create temporary tables will fail.
      </para>
     </listitem>
    </varlistentry>
author	Noah Misch	2013-07-12 22:21:22 +0000
committer	Noah Misch	2013-07-12 22:25:41 +0000
commit	fb7c0ac42e1a8e3cde74e83e2c758ada8c62a35e (patch)
tree	b1d0681b57e7db1524b7afa9ae968ba536eabe8b /doc/src
parent	7484f89daa33477e0027a86ae772f44fa99224ed (diff)