Re: Wrong security context for deferred triggers? - Mailing list pgsql-hackers

From Laurenz Albe
Subject Re: Wrong security context for deferred triggers?
Date
Msg-id 8e8ef9739bdcc99d4e58916578a2d0a7b5c4268b.camel@cybertec.at
Whole thread Raw
In response to Re: Wrong security context for deferred triggers?  ("David G. Johnston" <david.g.johnston@gmail.com>)
Responses Re: Wrong security context for deferred triggers?
List pgsql-hackers
On Sat, 2024-06-22 at 20:13 -0700, David G. Johnston wrote:
> [bikeshedding discussion about SQL syntax]

Sure, something like CREATE TRIGGER ... USING {INVOKER|CURRENT} ROLE
orsimilar would work, but think that this discussion is premature
at this point.  If we have syntax to specify the behavior
of deferred triggers, that needs a new column in "pg_trigger", support
in pg_get_triggerdef(), pg_dump, pg_upgrade etc.

All that is possible, but keep in mind that we are talking about corner
case behavior.  To the best of my knowledge, nobody has even noticed the
difference in behavior up to now.

I think that we should have some consensus about the following before
we discuss syntax:

- Does anybody depend on the current behavior and would be hurt if
  my current patch went in as it is?

- Is this worth changing at all or had we better document the current
  behavior and leave it as it is?

Concerning the latter, I am hoping for a detailed description of our
customer's use case some time soon.

Yours,
Laurenz Albe



pgsql-hackers by date:

Previous
From: vignesh C
Date:
Subject: Re: walsender.c comment with no context is hard to understand
Next
From: Amit Kapila
Date:
Subject: Re: Conflict Detection and Resolution