Home > mailing lists

Re: Wrong security context for deferred triggers? - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Wrong security context for deferred triggers?
Date	June 5 19:45:51
Msg-id	1295340.1749141951@sss.pgh.pa.us Whole thread Raw
In response to	Re: Wrong security context for deferred triggers? (Noah Misch <noah@leadboat.com>)
List	pgsql-hackers

Tree view

Noah Misch <noah@leadboat.com> writes:
> In postgr.es/m/1071973.1749075038@sss.pgh.pa.us of yesterday's release notes
> discussion, you wrote "Execute AFTER triggers as the role that was active at
> the moment the trigger event was queued."  That's a good direction, since it's
> correct for the mid-query case without raising it explicitly.  Maybe this way:

> +    Also, the trigger will always run as the role that queued the trigger
> +    event, unless the trigger function is defined as <literal>SECURITY
> +    DEFINER</literal>, in which case it will run as the function owner.

WFM.  I'd probably write "is marked as" not "is defined as".

            regards, tom lane

pgsql-hackers by date:

From: Dmitry Koval
Date: 05 June, 19:41:22
Subject: Re: Add SPLIT PARTITION/MERGE PARTITIONS commands

From: Tom Lane
Date: 05 June, 19:47:52
Subject: Re: postmaster uses more CPU in 18 beta1 with io_method=io_uring

Re: Wrong security context for deferred triggers? - Mailing list pgsql-hackers

Previous

Next