Re: Problem with delete trigger: how to allow only triggers to delete a row? - Mailing list pgsql-sql

From Tom Lane
Subject Re: Problem with delete trigger: how to allow only triggers to delete a row?
Date
Msg-id 2599.1223671995@sss.pgh.pa.us
In response to Re: Problem with delete trigger: how to allow only triggers to delete a row?  (Alvaro Herrera <alvherre@commandprompt.com>)
Responses Re: Problem with delete trigger: how to allow only triggers to delete a row?  ("Christopher Maier" <maier@med.unc.edu>)
List pgsql-sql
Alvaro Herrera <alvherre@commandprompt.com> writes:
> Looks like you should revoke DELETE privilege from plain users, and
> have your delete trigger be a security definer function.  There would be
> another security definer function to delete non-deduced rows which users
> can call directly.

That seems overly complicated to use.

If the triggers that are privileged to delete deduced rows run as a
special user, couldn't the validation triggers look at CURRENT_USER
to see whether to allow the delete of a deduced row or not?
        regards, tom lane
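
A sketch of the CURRENT_USER approach suggested in this message, as an added example that is not code from the thread. The role `deducer`, the table `fact`, its columns and the function names are assumptions made up for illustration, as is the use of the `public` schema.

```sql
-- Run as a superuser. Role, table and column names are constructed for illustration.
CREATE ROLE deducer NOLOGIN;

CREATE TABLE fact (
    id        serial PRIMARY KEY,
    parent_id integer,                        -- base row a deduced row was derived from
    deduced   boolean NOT NULL DEFAULT false
);
GRANT SELECT, DELETE ON fact TO deducer;

-- Validation trigger: runs as whoever issued the DELETE (not SECURITY DEFINER).
CREATE FUNCTION fact_guard_delete() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    IF OLD.deduced AND current_user <> 'deducer' THEN
        RAISE EXCEPTION 'deduced row % may only be deleted by a trigger', OLD.id;
    END IF;
    RETURN OLD;
END;
$$;

CREATE TRIGGER fact_guard_delete BEFORE DELETE ON fact
    FOR EACH ROW EXECUTE PROCEDURE fact_guard_delete();

-- Privileged trigger: SECURITY DEFINER plus ownership by deducer makes
-- current_user = 'deducer' for the nested DELETE and the triggers it fires.
CREATE FUNCTION fact_cascade_deduced() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = public, pg_temp             -- pin lookups inside the definer function
AS $$
BEGIN
    DELETE FROM fact WHERE parent_id = OLD.id AND deduced;
    RETURN NULL;                              -- return value is ignored for AFTER triggers
END;
$$;
ALTER FUNCTION fact_cascade_deduced() OWNER TO deducer;
-- Keep other roles from attaching the privileged function to a table of their own.
REVOKE EXECUTE ON FUNCTION fact_cascade_deduced() FROM PUBLIC;

CREATE TRIGGER fact_cascade_deduced AFTER DELETE ON fact
    FOR EACH ROW EXECUTE PROCEDURE fact_cascade_deduced();
```

With this in place, an ordinary role holding DELETE on `fact` gets an error when it deletes a deduced row directly, while deleting a base row succeeds and its deduced children are removed by the trigger running as `deducer`. The check is only as strong as control over that role: any role that can `SET ROLE deducer`, and the table owner, who can disable the triggers, are not constrained by it.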

