First, let me say I was holding off replying/thanking everyone to have the
time
to properly test this. Erik's quasi-question makes me break that silence.
On Tue, Apr 4, 2023 at 10:46 AM Erik Wienhold wrote:
> > On 04/04/2023 07:55 CEST walt...@technowledgy.de wrote:
> > For me, checking whether
> On 04/04/2023 07:55 CEST walt...@technowledgy.de wrote:
>
> Erik Wienhold:
> > A single DEFINER function works if you capture current_user with a parameter
> > and default value. Let's call it claimed_role. Use pg_has_role[0] to check
> > that session_user has the privilege for claimed_role (in
Erik Wienhold:
A single DEFINER function works if you capture current_user with a parameter
and default value. Let's call it claimed_role. Use pg_has_role[0] to check
that session_user has the privilege for claimed_role (in case the function is
called with an explicit value), otherwise raise an
> On 03/04/2023 13:18 CEST Dominique Devienne wrote:
>
> My goal is to have clients connect to PostgreSQL,
> and call a function that return a JWT token.
>
> The JWT is supposed to capture the user (login role),
> and the current_role (which has meaning in our app),
> and sign it using a secret co
## Dominique Devienne (ddevie...@gmail.com):
> On the one hand, I want a INVOKER security function,
> to be able to capture the login and current ROLEs.
There's session_user ("the session user's name") which remains unchanged
on a SECURITY DEFINER function, and current_user ("the user name of the
