Re: DROP TRIGGER permission - Mailing list pgsql-general

From Oliver Elphick
Subject Re: DROP TRIGGER permission
Date
Msg-id 1094468640.6360.177.camel@linda
Whole thread Raw
In response to DROP TRIGGER permission  ("Philippe Lang" <philippe.lang@attiksystem.ch>)
List pgsql-general
On Mon, 2004-09-06 at 09:23, Philippe Lang wrote:
> Hello,
>
> Dropping a trigger is permitted if the user is the owner of the table
> for which the trigger is defined.
>
> In a plpgsql function, used by different users, I need to disable some
> triggers for a short period of time. With the pgsql user login, I can
> succesfully drop and create the trigger again (after locking the tables
> for which I drop triggers), but unfortunately this not possible with a
> different user login, since they are not the owner of the table.
>
> What could I do in this situation?

Create another function to do the job and call it from inside your
plpgsql function.  The second function should be created by the user
that owns the table and should be created with the SECURITY DEFINER
option so that it will run with the permissions of the user that created
it rather than those of the user invoking it.

--
Oliver Elphick                                          olly@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA  92C8 39E7 280E 3631 3F0E  1EC0 5664 7A2F A543 10EA
                 ========================================
     "Behold, I stand at the door, and knock; if any man
      hear my voice, and open the door, I will come in to
      him, and will sup with him, and he with me."
                                   Revelation 3:20


pgsql-general by date:

Previous
From: Chris Ochs
Date:
Subject: radius authentication
Next
From: Graeme Hinchliffe
Date:
Subject: tg_relation doesn't seem to have the attribute names!