| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Aasmund Midttun Godal" <postgresql(at)aasmund(dot)com> |
| Cc: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: Before/After Trigger User Switching |
| Date: | 2003-08-20 20:53:22 |
| Message-ID: | 19303.1061412802@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
"Aasmund Midttun Godal" <postgresql(at)aasmund(dot)com> writes:
> Thank you for your quick reply!
> I understand your point of view, however the fact remains that you want the
> action to be done as though it was the DEFINER user that did it, and that
> has not changed even thoug the function itself has finished?
<shrug> ... if there's any bug here, I'd argue that it's that we don't
force trigger functions to run as the owner of the table they're on.
The privileges of the user that did the INSERT or whatever are the wrong
thing in any case, I'd say.
Which suggests a workaround for the moment: your trigger function should
be a SECURITY DEFINER.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Matthias Nagl | 2003-08-20 21:09:08 | problem with automatic altering of groups |
| Previous Message | Rod Taylor | 2003-08-20 20:41:32 | Re: "SELECT IN" Still Broken in 7.4b |