=?UTF-8?Q?Marcin_Barczy=C5=84ski?= <mba.ogolny@xxxxxxxxx> writes: > Why can a user access a table from a forbidden schema if the table is > explicitly specified in the definition of a view in an allowed schema? And > not if the table is accessed by a function used in the view. (1) Whether a view can access a table is determined by the ownership of the view, not of the user using the view. (2) It might be nice if the view's permissions were inherited by functions called by the view, but we've not made that happen. You might be able to approximate it by marking such functions SECURITY DEFINER; although that makes the function's permissions those of the function's owner not the view's owner. regards, tom lane
