Postgres Pro
Downloads
Home   >   mailing lists

Re: Problem with delete trigger: how to allow only triggers to delete a row? - Mailing list pgsql-sql

From Christopher Maier
Subject Re: Problem with delete trigger: how to allow only triggers to delete a row?
Date
Msg-id 854DA6EE-0C09-4410-89E0-0EFF3DBB3BB3@med.unc.edu
Whole thread Raw
In response to Re: Problem with delete trigger: how to allow only triggers to delete a row?  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Problem with delete trigger: how to allow only triggers to delete a row?  ("Christopher Maier" <maier@med.unc.edu>)
List pgsql-sql
Tree view 
On Oct 10, 2008, at 4:53 PM, Tom Lane wrote:

> Alvaro Herrera <alvherre@commandprompt.com> writes:
>> Looks like you should revoke DELETE privilege from plain users, and
>> have your delete trigger be a security definer function.  There  
>> would be
>> another security definer function to delete non-deduced rows which  
>> users
>> can call directly.
>
> That seems overly complicated to use.
>
> If the triggers that are privileged to delete deduced rows run as a
> special user, couldn't the validation triggers look at CURRENT_USER
> to see whether to allow the delete of a deduced row or not?
>
>             regards, tom lane

That sounds like the best approach, Tom.  I've already implemented  
Alvaro's suggestion, which works nicely.  It should be a simple matter  
to add in the current_user check.  I'll give that a whirl and see how  
it goes.

Thanks for all the great suggestions, everyone.

Chris

pgsql-sql by date:

Previous
From: Adrian Klaver
Date:
Subject: Re: Problem with delete trigger: how to allow only triggers to delete a row?
Next
From: Adrian Klaver
Date:
Subject: Re: Problem with delete trigger: how to allow only triggers to delete a row?