Re: [HACKERS] Where is it documented what role executes constrainttriggers? - Mailing list pgsql-hackers

From Nico Williams
Subject Re: [HACKERS] Where is it documented what role executes constrainttriggers?
Date
Msg-id 20171103181157.GY4496@localhost
Whole thread Raw
In response to [HACKERS] Where is it documented what role executes constraint triggers?  (Chapman Flack <chap@anastigmatix.net>)
List pgsql-hackers
On Fri, Nov 03, 2017 at 02:09:00PM -0400, Chapman Flack wrote:
> From a little experimenting in 9.5, it seems that a referential
> integrity trigger is executed with the identity of the referencED
> table's owner, but I have not been able to find this covered in
> the docs. Is this a documentation oversight, or is it explained
> somewhere I didn't look (or may have skimmed right over it)?
> 
> The question came up at $work after the departure of $colleague,
> who had created some tables as himself and not changed their
> ownership. His role had the superuser bit at the time, so
> RI checks involving those tables never incurred 'permission denied'
> errors until he left. Then, his role was not dropped, only disabled
> for login and made no longer superuser, and that's when RI checks
> started incurring 'permission denied'.

Are the trigger functions SECURITY DEFINER?


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

pgsql-hackers by date:

Previous
From: Chapman Flack
Date:
Subject: [HACKERS] Where is it documented what role executes constraint triggers?
Next
From: Tom Lane
Date:
Subject: Re: [HACKERS] Where is it documented what role executes constraint triggers?