Re: Before/After Trigger User Switching - Mailing list pgsql-sql

From Tom Lane
Subject Re: Before/After Trigger User Switching
Date
Msg-id 19303.1061412802@sss.pgh.pa.us
In response to Re: Before/After Trigger User Switching  ("Aasmund Midttun Godal" <postgresql@aasmund.com>)
List pgsql-sql
"Aasmund Midttun Godal" <postgresql@aasmund.com> writes:
> Thank you for your quick reply! 
> I understand your point of view, however the fact remains that you want the 
> action to be done as though it was the DEFINER user that did it, and that 
> has not changed even though the function itself has finished?

<shrug> ... if there's any bug here, I'd argue that it's that we don't
force trigger functions to run as the owner of the table they're on.
The privileges of the user that did the INSERT or whatever are the wrong
thing in any case, I'd say.

Which suggests a workaround for the moment: your trigger function should
be a SECURITY DEFINER.
        regards, tom lane
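
The workaround described above, as an added example that is not part of the original message: a trigger function declared SECURITY DEFINER so that it writes to a table the inserting role cannot touch. The role, schema, table and function names are hypothetical, and the script assumes PostgreSQL 11 or later and a superuser session in a scratch database.

```sql
-- Added example; all role, schema, table and function names are hypothetical.
CREATE ROLE app_owner  NOLOGIN;
CREATE ROLE app_writer NOLOGIN;
CREATE SCHEMA app AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA app TO app_writer;

SET SESSION AUTHORIZATION app_owner;

CREATE TABLE app.orders (id integer PRIMARY KEY, item text NOT NULL);
CREATE TABLE app.orders_audit (
    order_id   integer,
    changed_by text,
    changed_at timestamptz DEFAULT now()
);

-- The writer may insert orders but gets no privilege on the audit table.
GRANT INSERT ON app.orders TO app_writer;

CREATE FUNCTION app.log_order() RETURNS trigger
LANGUAGE plpgsql
SECURITY DEFINER                -- body runs as the function owner (app_owner)
SET search_path = app, pg_temp  -- pin name lookup; temp schema searched last
AS $$
BEGIN
    -- Inside the function current_user is app_owner;
    -- session_user still identifies the role that issued the INSERT.
    INSERT INTO app.orders_audit (order_id, changed_by)
    VALUES (NEW.id, session_user);
    RETURN NEW;
END;
$$;

-- New functions are executable by PUBLIC by default; remove that grant.
REVOKE ALL ON FUNCTION app.log_order() FROM PUBLIC;

CREATE TRIGGER orders_audit_trg
    AFTER INSERT ON app.orders
    FOR EACH ROW EXECUTE FUNCTION app.log_order();

RESET SESSION AUTHORIZATION;

-- As the unprivileged writer: the INSERT succeeds and the trigger
-- writes the audit row with app_owner's privileges.
SET SESSION AUTHORIZATION app_writer;
INSERT INTO app.orders VALUES (1, 'widget');
-- A direct write is still refused (expected: permission denied):
-- INSERT INTO app.orders_audit (order_id) VALUES (1);
RESET SESSION AUTHORIZATION;

SELECT order_id, changed_by FROM app.orders_audit;  -- one row, changed_by = app_writer
```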

