Re: Rules and users - Mailing list pgsql-novice

From Tom Lane
Subject Re: Rules and users
Date
Msg-id 14829.1060263661@sss.pgh.pa.us
In response to Rules and users  (Cath Lawrence <Cath.Lawrence@anu.edu.au>)
List pgsql-novice
Cath Lawrence <Cath.Lawrence@anu.edu.au> writes:
> I am puzzled. I have rules set up such that when a table entry is
> changed or deleted, it is first copied to an archive table. This works
> beautifully, and everything is fine. But _why_ does it work???

Because the rule-added action occurs before the original UPDATE or DELETE.
This is stated in the fine print somewhere in the manual's discussion
of rules.

> So I thought - whoops, I have a bug, my normal user can't delete
> because that requires inserting into TABLE_old, which I haven't given
> them permission for. But they can! Are rules run as some other user or
> what?

Yes, as the rule owner.  (More specifically, any table accesses added
by the rule are checked using the owner's permissions.  If you have,
say, a function that's called in a rule query, it still executes using
the caller's permissions.  There has been debate over whether this is a
bug.)

            regards, tom lane
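
The behaviour described in this message, as an added example that is not part of the original post. It shows an archive rule whose added INSERT is checked against the rule owner's privileges, followed by a query listing which role each rule's table accesses are checked as. The names `item`, `item_old`, `app_user` and the rule names are assumptions, and the script assumes it is run in psql as a superuser on a current PostgreSQL release.

```sql
-- Constructed example: item, item_old, app_user and the rule names are assumptions.
-- Run in psql as a superuser, who becomes the owner of both tables.
CREATE TABLE item     (id integer PRIMARY KEY, val text);
CREATE TABLE item_old (id integer, val text,
                       archived_at timestamptz DEFAULT now());

-- Copy the pre-change row into the archive on every UPDATE or DELETE.
CREATE RULE item_archive_upd AS ON UPDATE TO item
    DO ALSO INSERT INTO item_old (id, val) VALUES (OLD.id, OLD.val);
CREATE RULE item_archive_del AS ON DELETE TO item
    DO ALSO INSERT INTO item_old (id, val) VALUES (OLD.id, OLD.val);

-- The ordinary user gets privileges on the live table only,
-- and none on the archive table.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, UPDATE, DELETE ON item TO app_user;

INSERT INTO item VALUES (1, 'first');

SET ROLE app_user;
-- The INSERT into item_old that the rule adds to these statements is
-- permission-checked as the rule owner, not as app_user.
UPDATE item SET val = 'second' WHERE id = 1;
DELETE FROM item WHERE id = 1;
-- A direct write to the archive is checked against app_user itself,
-- who holds no privilege on item_old.
INSERT INTO item_old (id, val) VALUES (99, 'direct write');
RESET ROLE;

-- Back as the owner: inspect what the rules archived.
SELECT id, val, archived_at FROM item_old ORDER BY archived_at;

-- Audit: a rule has no owner of its own; it belongs to the owner of the
-- table it is defined on. List each user-defined rule with that role to
-- see whose privileges its added table accesses are checked against.
SELECT n.nspname AS schema_name,
       c.relname AS table_name,
       r.rulename,
       pg_get_userbyid(c.relowner) AS checked_as
FROM pg_rewrite r
JOIN pg_class c     ON c.oid = r.ev_class
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE r.rulename <> '_RETURN'          -- skip the rules that implement views
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY 1, 2, 3;
```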
