Quick Links

Re: Allow database owners to CREATE EVENT TRIGGER

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Steve Chavez <steve(at)supabase(dot)io>
Cc:	PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Allow database owners to CREATE EVENT TRIGGER
Date:	2025-03-05 15:28:40
Message-ID:	308551.1741188520@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

I wrote:
> Or in other words: not-superuser to superuser is far from the only
> type of privilege escalation that we need to prevent.

After reflecting on that for a moment: maybe say that an event trigger
fires for queries that are run by a role that the trigger's owning
role is a member of? That changes nothing for superuser-owned
triggers.

regards, tom lane

In response to

Re: Allow database owners to CREATE EVENT TRIGGER at 2025-03-05 15:13:37 from Tom Lane

Responses

Re: Allow database owners to CREATE EVENT TRIGGER at 2025-03-05 16:17:06 from Isaac Morland

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Nathan Bossart	2025-03-05 15:35:27	Re: doc: expand note about pg_upgrade's --jobs option
Previous Message	Tom Lane	2025-03-05 15:13:37	Re: Allow database owners to CREATE EVENT TRIGGER