Home > mailing lists

Re: about the RULE system - Mailing list pgsql-general

From	Scott Marlowe
Subject	Re: about the RULE system
Date	December 13, 2006 20:43:50
Msg-id	1166046220.3243.171.camel@state.g2switchworks.com Whole thread Raw
In response to	Re: about the RULE system (Rafal Pietrak <rafal@zorro.isa-geek.com>)
Responses	Re: about the RULE system (Rafal Pietrak <rafal@zorro.isa-geek.com>)
List	pgsql-general

Tree view

On Wed, 2006-12-13 at 15:36, Rafal Pietrak wrote:
> On Wed, 2006-12-13 at 14:01 -0500, Tom Lane wrote:
> > Rafal Pietrak <rafal@zorro.isa-geek.com> writes:
> > > I thought trigger functions execute at root/postgres security level?
> >
> > No.  You probably want to make that function SECURITY DEFINER so it
> > executes as the owner, but this isn't default for triggers.
>
> Hmmm. Have checked it, and it does not look promissing.
>
> Obviously, when I define function with "SECURITY DEFINER" I need to
> limit access to that function. But....
>
> "REVOKE ALL ON FUNCTION piti() FROM PUBLIC"
>
> Doe not seam to have any effect on functions installed as a trigger.

Does your "common user" have the permission to create users?

pgsql-general by date:

From: Rafal Pietrak
Date: 13 December 2006, 20:37:08
Subject: Re: about the RULE system

From: "Brandon Aiken"
Date: 13 December 2006, 20:55:14
Subject: INSERT INTO row value constructors

Re: about the RULE system - Mailing list pgsql-general

Previous

Next