Re: [HACKERS] Trigger and permissions - Mailing list pgsql-hackers

From Vadim B. Mikheev
Subject Re: [HACKERS] Trigger and permissions
Date
Msg-id 34DA6D4B.D251217F@sable.krasnoyarsk.su
In response to Trigger and permissions  (jwieck@debis.com (Jan Wieck))
List pgsql-hackers
Jan Wieck wrote:
>
>     I think it would be nice to have something like setuid
>     triggers. Some triggers cause a change of the user and some
>     don't. A setuid_user attribute in pg_trigger could do that
>     job. If that doesn't contain NULL, the trigger will be
>     invoked under the permissions of the user in that field.
>     Obviously to say that a normal user can only create setuid
>     triggers with his own name.
>
>     Should the syntax for CREATE TRIGGER be extended here or
>     should we have a completely different command for that?
>
>     Any suggestions/comments?

First, what does the standard say about execution permissions of
triggers, functions and procedures?

Second, if we decide to have both setuid and non-setuid
triggers (etc.), then I would suggest a special command to set the
setuid "bit", just so as not to change the syntax of both CREATE TRIGGER
and CREATE FUNCTION. Also, in a "normal" DB system, a user first
does CREATE VIEW and only after that does GRANT ... TO ... (it is like
setting the setuid bit on a VIEW).

Vadim
