Secured configuration access

scripts-available/CDB_Conf.sql

@@ -1,3 +1,10 @@
+----------------------------------
+-- CONF MANAGEMENT FUNCTIONS
+--
+-- Meant to be used by superadmin user.
+-- Functions needing reading configuration should use SECURITY DEFINER.
+----------------------------------
+
 -- This will trigger NOTICE if CDB_CONF already exists
 DO LANGUAGE 'plpgsql' $$
 BEGIN
@@ -32,7 +39,7 @@ BEGIN
     EXECUTE 'select cartodb._CDB_Conf_Cache(''get'', $1) as conf;' INTO conf USING param;
     RETURN conf;
 END
-$$ LANGUAGE PLPGSQL STABLE SECURITY DEFINER;
+$$ LANGUAGE PLPGSQL STABLE;
 
 -- Single cache function allowing SD private dict usage
 CREATE OR REPLACE

scripts-available/CDB_Groups_API.sql

@@ -66,6 +66,8 @@ $$ LANGUAGE 'plpythonu' VOLATILE;
 
 DO LANGUAGE 'plpgsql' $$
 BEGIN
+    -- Needed for dropping type
+    DROP FUNCTION IF EXISTS cartodb._CDB_Group_API_Conf();
     DROP TYPE IF EXISTS _CDB_Group_API_Params;
 END
 $$;
@@ -136,4 +138,4 @@ $$
       raise last_err
 
     return None
-$$ LANGUAGE 'plpythonu' VOLATILE;
+$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;