Home > mailing lists

Re: policies with security definer option for allowing inline optimization - Mailing list pgsql-hackers

From	Isaac Morland
Subject	Re: policies with security definer option for allowing inline optimization
Date	April 2, 2021 17:03:53
Msg-id	CAMsGm5cRekyA5rrv9ws+rQUOsg1Ve3OQCzRnCcuEHd53PSvs5A@mail.gmail.com Whole thread Raw
In response to	Re: policies with security definer option for allowing inline optimization (Chapman Flack <chap@anastigmatix.net>)
List	pgsql-hackers

Tree view

On Fri, 2 Apr 2021 at 09:44, Chapman Flack <chap@anastigmatix.net> wrote:

On 04/02/21 09:09, Isaac Morland wrote:
> If we're going to do this we should do the same for triggers as well.
>
> ... it's easy to imagine a situation in which a trigger needs to
> write to another table which should not be accessible to the role using the
> table which has the trigger.

Triggers seem to be an area of long-standing weirdness[1].

Thanks for that reference. That has convinced me that I was wrong in a previous discussion to say that triggers should run as the table owner: instead, they should run as the trigger owner (implying that triggers should have owners). Of course at this point the change could only be made as an option in order to avoid a backward compatibility break.

[1]
https://www.postgresql.org/message-id/b1be2d05-b9fd-b9db-ea7f-38253e4e4bab%40anastigmatix.net

pgsql-hackers by date:

From: Isaac Morland
Date: 02 April 2021, 16:57:27
Subject: Re: policies with security definer option for allowing inline optimization

From: Tom Lane
Date: 02 April 2021, 17:04:50
Subject: Re: libpq debug log

Re: policies with security definer option for allowing inline optimization - Mailing list pgsql-hackers

Previous

Next