Re: Trigger Function DML and Permissions

From: Jason Godden <jasongodden(at)optushome(dot)com(dot)au>
To: Raymond <support(at)bigriverinfotech(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: Trigger Function DML and Permissions
Date: 2003-07-21 08:27:21
Message-ID: 200307211827.21447.jasongodden@optushome.com.au
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hi Raymond,

Have you tried using the SECURITY DEFINER option when you create a function?
This runs the function with the same privileges as the user who defined the
function. If you are clever with the definer user and limit their access to
various database objects you may get what you want. If you need to change
permissions in the middle of a function you could presumably create smaller
plpgsql functions with security definer and leave the others to security
invoker. The doesn't know that this is going on as all the security stuffs
is done at the server.

Cheers,

Jason

On Mon, 21 Jul 2003 12:05 pm, Raymond wrote:
> Appears Postgres 7.3.3 utilizes current user permissions when executing DML
> within trigger functions.
>
> How would one transparently (from the client perspective) switch users for
> the purpose of trigger function execution and the restore to the original
> after execution?
>
> This issue will arise again with Insert, Update and Delete functions.
>
> Raymond
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Paul Thomas 2003-07-21 09:52:26 Re: Checkpoint question
Previous Message Richard Huxton 2003-07-21 08:17:57 Re: Is there support for output parameters?