AWS Security ChangesHomeSearch

AWS redshift medium security documentation change

Service: redshift · 2025-04-16 · Security-related medium

File: redshift/latest/dg/SYS_PROCEDURE_CALL.md

Summary

Clarified security_user_id behavior when called from outer DEFINER stored procedures

Security assessment

The change corrects documentation about privilege inheritance in nested stored procedures, addressing potential privilege escalation risks by clarifying security context propagation.

Diff

diff --git a/redshift/latest/dg/SYS_PROCEDURE_CALL.md b/redshift/latest/dg/SYS_PROCEDURE_CALL.md
index eb625a3bc..36c8b2ff7 100644
--- a//redshift/latest/dg/SYS_PROCEDURE_CALL.md
+++ b//redshift/latest/dg/SYS_PROCEDURE_CALL.md
@@ -18 +18 @@ session_user_id | integer | The identifier of the user who created the session a
-security_user_id | integer | The identifier of the user whose privileges were used to run the statement within the stored procedure. If the stored procedure is DEFINER, then this will be the owner user_id of the stored procedure.  
+security_user_id | integer | The identifier of the user whose privileges were used to run the statement within the stored procedure. If the stored procedure was called from the outer DEFINER stored procedure, then this will be the owner user_id of that outer stored procedure.