postgresql execute postgresql-9.4 database-security

SECURITY DEFINER - privileges of the function's creator, or owner?

Postgres's official docs indicate that functions defined with SECURITY DEFINER run with privileges of the user who created it.

However other sources, such as here and here, claim it is the privileges of the owner of the function.

Which is correct?

(for 9.4+)

Solution

Usually (initially) the creator is the owner. However, if the owner of the function has been changed, security definer applies to the new owner. Per the documentation:

new_owner - The new owner of the function. Note that if the function is marked SECURITY DEFINER, it will subsequently execute as the new owner.

Recursive CTE in Postgresql
Add missing dates in a table
Cast value to type (TEXT) using string representation of type ("TEXT")
Equivalent of FOUND_ROWS() function in Postgresql
django.db.utils.ProgrammingError: column "role" of relation "APP_profile" does not exist
How to convert SQLite SQL dump file to PostgreSQL?
How do I change the timezone to UTC in postgres permanently?
Export .csv file (with headers) from PostgreSQL table using PHP PDO, first data row missing
Problem with PgBouncer auth method not same type
Running Docker Compose in Visual Studio Throws Postgres Uninitialized Error
How to set an Array column with an empty array as default in SQLAlchemy + Postgres
How can I annotate my Django queryset with a count of related objects
Why does an operation on real and a numeric inputs result in a double precision?
Get data on different rows per ID on one row
How to distinguish when FOUND is false from when row version is obsolete in a Postgres stored function
sum case with left join
Perform VACUUM FULL with JPA
Postgres - How to use the AVG of the last number of rows and multiply it with another column?
Prevent JPA from changing DB column data type
Convert hex in text representation to decimal number
Is it possible to efficiently change table and column names, using prisma?
PGbouncer locking template1
Django: using older version of postgresql
Execute formatted query gives error for insert in postgres function
How to read the function body of a Postgres standard-SQL function?
Running PostgreSQL in memory only
Get fatal error: server could not be contacted when running pgAdmin4. 'NoneType' object has no attribute 'value'
Can't find the PostgreSQL client library (libpq)
Docker-Compose failing to Build Container when using postgresql
Find SUM and MAX in custom aggregate function