On Wed, Jun 4, 2025 at 1:45 PM Bruce Momjian <bruce@momjian.us> wrote:
Now, if we do want to mention it, it should be done in a way that makes it clear to readers whether they are affected by this change. We can try text like:
Execute non-SECURITY-DEFINER AFTER triggers as the role that was active at the time the trigger was fired
Previously such triggers were run as the role that was active at commit time.
"Deferred constraint triggers now run as the role active when the trigger was fired: previously they used the role active when execution began."
The timing is not only at commit, and it makes more sense to me to focus on "deferred constraint" instead of the more general "after" trigger.
The trigger doesn't have a security definer clause - the function does and would of course take effect during execution. Not strongly opposed to keeping the note.
