| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Bruno Wolff III <bruno(at)wolff(dot)to>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [GENERAL] What user to defaults execute as? |
| Date: | 2002-11-05 22:41:43 |
| Message-ID: | Pine.LNX.4.44.0211052007430.1815-100000@localhost.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Tom Lane writes:
> Okay, I've thought of one: consider the situation where you want to
> label each row in a table with the ID of the user who inserted it.
> Right now, you can do
> ...,
> who name default current_user,
> ...
> or for greater security use a trigger to set the column value.
> This will stop working if defaults and triggers run as the table
> owner.
According to the SQL standard, privileges on constraints should
effectively be checked at the time the constraint is created. For
example, when you create a foreign key constraint you may need certain
REFERENCES privileges, and equally creating check constraints should
require REFERENCES privilege on tables involved in subqueries.
While the SQL standard doesn't say anything on how this should apply to
column defaults (since there you can't call user-defined functions or
subqueries in default clauses), it would make sense to carry this over.
--
Peter Eisentraut peter_e(at)gmx(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-11-05 23:16:37 | Re: Buffers and MacOS X |
| Previous Message | Vidal | 2002-11-05 20:46:12 | Hardware estimation |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2002-11-05 22:48:47 | Re: v7.3Beta4 Tag'd and Packaged ... |
| Previous Message | Bruce Momjian | 2002-11-05 22:24:46 | Re: PL/Perl and Perl 5.8 |