AWS redshift documentation change
Summary
Added explanation about SECURITY attribute determining execution privileges
Security assessment
Expands documentation about security controls (DEFINER/INVOKER modes) but does not indicate a specific security issue being addressed.
Diff
diff --git a/redshift/latest/dg/stored-procedure-security-and-privileges.md b/redshift/latest/dg/stored-procedure-security-and-privileges.md index 0b4946bad..666e6475b 100644 --- a//redshift/latest/dg/stored-procedure-security-and-privileges.md +++ b//redshift/latest/dg/stored-procedure-security-and-privileges.md @@ -15 +15 @@ The user creating a procedure is the owner by default. The owner has CREATE, DRO -The SECURITY attribute controls a procedure's privileges to access database objects. When you create a stored procedure, you can set the SECURITY attribute to either DEFINER or INVOKER. If you specify SECURITY INVOKER, the procedure uses the privileges of the user invoking the procedure. If you specify SECURITY DEFINER, the procedure uses the privileges of the owner of the procedure. INVOKER is the default. +The SECURITY attribute controls a procedure's privileges to access database objects. When you create a stored procedure, you can set the SECURITY attribute to either DEFINER or INVOKER. This attribute determines which privileges are used when executing the statements in the body of the stored procedure. If you specify SECURITY INVOKER, the procedure uses the privileges of the user invoking the procedure. If you specify SECURITY DEFINER, the procedure uses the privileges of the owner of the procedure. INVOKER is the default.