AWS redshift medium security documentation change
Summary
Clarified security_user_id behavior when called from outer DEFINER stored procedures
Security assessment
The change corrects documentation about privilege inheritance in nested stored procedures, addressing potential privilege escalation risks by clarifying security context propagation.
Diff
diff --git a/redshift/latest/dg/SYS_PROCEDURE_CALL.md b/redshift/latest/dg/SYS_PROCEDURE_CALL.md index eb625a3bc..36c8b2ff7 100644 --- a//redshift/latest/dg/SYS_PROCEDURE_CALL.md +++ b//redshift/latest/dg/SYS_PROCEDURE_CALL.md @@ -18 +18 @@ session_user_id | integer | The identifier of the user who created the session a -security_user_id | integer | The identifier of the user whose privileges were used to run the statement within the stored procedure. If the stored procedure is DEFINER, then this will be the owner user_id of the stored procedure. +security_user_id | integer | The identifier of the user whose privileges were used to run the statement within the stored procedure. If the stored procedure was called from the outer DEFINER stored procedure, then this will be the owner user_id of that outer stored procedure.