Before an SPL program is executed, the system identifies the user who is associated with the process. The user associated with the process is called the current user. The search path of the current user is used to parse unqualified object references. The database object permissions of the current user determine whether the related database objects can be referenced in the program.

The selection of the current user is based on whether the SPL program is created with the definer's permission or the caller's permission. The AUTHID clause determines this selection. The AUTHID DEFINER clause grants the definer's permission to the program. This is also the default if the AUTHID clause is omitted. The AUTHID CURRENT_USER clause grants the caller's permission to the program. The following list summarizes the differences between the two permissions:
  • If a program has the definer's permission, the owner of the program becomes the current user when the program is executed. The search path of the program owner is used to parse unqualified object references. The database object permissions of the program owner determine whether access to a referenced object is allowed. For a program created with the definer's permission, the current user does not depend on who calls the program.
  • If a program has the caller's permission, the user who is the current user when the program is called remains the current user during the program execution (but not necessarily in called subprograms). For more information, see the following bullet points. When a program with the caller's permission is called, the current user is the user who started the session, for example, by establishing a database connection. The SET ROLE command can be used to change the current user after the session starts. For a program created with the caller's permission, the current user does not depend on who owns the program.
The following observations follow from the preceding definitions:
  • The first observation details the status of the current user when a program created with the definer's permission calls another program created with the definer's permission. The current user changes from the owner of the calling program to the owner of the called program during the execution of the called program.
  • The second observation details the status of the current user when a program created with the definer's permission calls another program created with the caller's permission. The owner of the calling program remains the current user during the execution of both the calling and called programs.
  • The third observation details the status of the current user when a program created with the caller's permission calls another program created with the caller's permission. The current user of the calling program remains the current user during the execution of the called program.
  • The fourth observation details the status of the current user when a program created with the caller's permission calls another program created with the definer's permission. The current user changes to the owner of the called program during the execution of the called program.

If the called program in turn calls another program in the preceding cases, the corresponding principles still apply.
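The four observations and the chaining rule above can be checked mechanically when reviewing which user a nested call actually runs as. The following is an added example, not code from the original page: a Python model of the rule rather than SPL, in which every role and program name is hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

DEFINER, CALLER = "DEFINER", "CURRENT_USER"  # the two AUTHID settings

@dataclass(frozen=True)
class Program:
    name: str
    owner: str
    authid: str  # DEFINER or CALLER

def current_users(calling_user, chain):
    """Return [(program name, current user)] for a nested call chain.

    calling_user is the current user of the session at call time.
    chain[0] is called from the session; each program calls the next one.
    """
    user, frames = calling_user, []
    for prog in chain:
        if prog.authid == DEFINER:
            user = prog.owner  # the owner becomes the current user
        elif prog.authid != CALLER:
            raise ValueError(f"unknown AUTHID for {prog.name}: {prog.authid}")
        # CALLER: the current user of the calling frame is kept
        frames.append((prog.name, user))
    return frames

def privilege_switches(calling_user, chain):
    """Frames that run as a user other than the one who made the call."""
    return [(name, user) for name, user in current_users(calling_user, chain)
            if user != calling_user]

# Constructed catalog: all names below are hypothetical.
P_DEF_A = Program("load_batch", "etl_owner", DEFINER)
P_DEF_B = Program("write_audit", "audit_owner", DEFINER)
P_INV_A = Program("format_row", "util_owner", CALLER)
P_INV_B = Program("log_line", "util_owner", CALLER)

if __name__ == "__main__":
    chains = ([P_DEF_A, P_DEF_B], [P_DEF_A, P_INV_A],
              [P_INV_A, P_INV_B], [P_INV_A, P_DEF_B],
              [P_INV_A, P_DEF_A, P_INV_B, P_DEF_B])
    for chain in chains:
        print(current_users("report_user", chain))
        print("  runs as another user in:",
              privilege_switches("report_user", chain))
```

The frames reported by `privilege_switches` are the ones whose object references are resolved with another user's search path and permissions, so they are the places to review for schema-qualified names and narrowly scoped grants.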