I have a stored procedure in Postgresql that contains COMMIT statement and I would like users to only access this procedure without giving them right to select, insert, etc. In function I would use SECURITY DEFINER, but from official docs https://www.postgresql.org/docs/11/sql-createprocedure.html:
A SECURITY DEFINER procedure cannot execute transaction control statements (for example, COMMIT and ROLLBACK, depending on the language).
As I understand this means that I can not use SECURITY DEFINER and have to grant user any right that is needed in stored procedure to allow user to execute it which completely defeats the whole purpose of allowing users only functions or procedures.
How does one call stored procedure with COMMIT statement in it without having individual grants to all statements inside the procedure?