On Fri, 2012-11-30 at 20:08 -0500, Keith Fiske wrote:
> So then don't give that other role trigger permissions if you don't
> want them to be able to drop a trigger. I'm actually thankful for the
> trigger permission since it allows the extension I'm working on to
> create triggers on tables the role doesn't own. But now it only
> half-works because it can't clean up after itself when the trigger
> needs to be dropped.
Allowing any user with TRIGGER privileges to drop a trigger seem like a
reasonable change to me. The only alternative I can think of (aside from
dropping the separate TRIGGER privilege) is to track the owner of the
trigger separately from the owner of the table, but that would be
strange, too.
Regards,
Jeff Davis