Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
7.1.0
-
1
Description
Functions should be able to be defined and hence executed as the function owner right or the caller right.
Most vendors' stored procedure offer this ability to allow users to escalate their privileges.
For example, only the owner has access to product_promotion data
CREATE FUNCTION get_promotion (product_code)
|
{
|
var promotion = ""; |
query = SELECT promotion FROM product_promotion WHERE code = $product_code;
|
...
|
return promotion; |
}
|
|
cbq> CREATE OR REPLACE FUNCTION get_promotion(code) EXECUTE AS OWNER LANGUAGE JAVASCRIPT AS "get_promotion" AT "library"; |
EXECUTE AS CALLER would be default when creating function.
some other user can get promotion via function, fro example as another user without access to product_promotion data
SELECT product, code, get_promotion(code) FROM ...
|
We should also consider having ownership info on the UDF UI as well.