| From: | Nico Williams <nico(at)cryptonector(dot)com> |
|---|---|
| To: | Chapman Flack <chap(at)anastigmatix(dot)net> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Where is it documented what role executes constraint triggers? |
| Date: | 2017-11-03 18:11:58 |
| Message-ID: | 20171103181157.GY4496@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Nov 03, 2017 at 02:09:00PM -0400, Chapman Flack wrote:
> From a little experimenting in 9.5, it seems that a referential
> integrity trigger is executed with the identity of the referencED
> table's owner, but I have not been able to find this covered in
> the docs. Is this a documentation oversight, or is it explained
> somewhere I didn't look (or may have skimmed right over it)?
>
> The question came up at $work after the departure of $colleague,
> who had created some tables as himself and not changed their
> ownership. His role had the superuser bit at the time, so
> RI checks involving those tables never incurred 'permission denied'
> errors until he left. Then, his role was not dropped, only disabled
> for login and made no longer superuser, and that's when RI checks
> started incurring 'permission denied'.
Are the trigger functions SECURITY DEFINER?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2017-11-03 18:20:15 | Re: Where is it documented what role executes constraint triggers? |
| Previous Message | Chapman Flack | 2017-11-03 18:09:00 | Where is it documented what role executes constraint triggers? |