Say, I have a complex MySQL procedure. The procedure is basically a complex
A stored program or view that executes in definer security context executes with the privileges of the account named by its
DEFINERattribute. These privileges may be entirely different from those of the invoking user.
As long as the user defining the procedure has the necessary permissions and doesn't explicitly force the procedure to run in
INVOKER context, the permissions of the invoking user have no impact on what the procedure can do. The permissions of the defining user apply to the procedure's actions.
The invoking user only needs to be able to run it. No special arrangements are necessary, because this is the default behavior.
DEFINER defaults to the user creating the procedure. If that account has the
SUPER privilege, they can actually declare a different definer account whose privileges will apply.