> "Roman Rokytskyy" <rrokytskyy@...> wrote:
> >
> > This fits very well the model where role is specified at connect

time.

> > However, if we allow to change the role at runtime, we have either

to

> > invalidate all prepared statements or to check the permissions, etc.
> >
> > So, _if_ we consider Jim's proposal for implementation, then also
> > permission management should be changed.
>
> AFAIU his idea, Jim's in favour of invalidating prepared statements.

If that is true and if security were to be enforced at the prepare
stage, then what real value would the proposed statement cache have?

If I understand the statement cache, it would contain statements/SPs
which have been prepared by other connections to allow for the 'prepare'
and compile time to be optimized across connections.


Sean