Blocking the use of TRIGGER privilege - Mailing list pgsql-hackers

From Simon Riggs
Subject Blocking the use of TRIGGER privilege
Date
Msg-id CANbhV-Gm0JDOCENT8Z7+RqeVOYZDMYycgAn+M1HZeZNy97NhOg@mail.gmail.com
Whole thread Raw
List pgsql-hackers
The separate TRIGGER privilege is considered obsolescent. It is not
heavily used and exists mainly to facilitate trigger-based replication
in a multi-user system.
i.e.
GRANT TRIGGER ON foo TO bob;

Since logical replication recommends "Limit ownership and TRIGGER
privilege on such tables to trusted roles.", then it would be useful
to have a way to put in a restriction on that for the trigger
privilege.

We might suggest removing it completely, but it does appear to be a
part of the SQL Standard, T211-07, so that is not an option. In any
case, such a move would need us to do a lengthy deprecation dance
across multiple releases.

But we can just have an option to prevent the TRIGGER privilege being granted.

allow_trigger_privilege = off (new default in PG16) | on
shown in postgresql.conf, only settable at server start so that it
even blocks superusers and special roles.

Existing usage of the trigger privilege would not be touched, only new usage.

(No, this does not mean I want to ban triggers, only the trigger privilege).

Thoughts?

-- 
Simon Riggs                http://www.EnterpriseDB.com/



pgsql-hackers by date:

Previous
From: Masahiko Sawada
Date:
Subject: Re: Introduce wait_for_subscription_sync for TAP tests
Next
From: Andres Freund
Date:
Subject: Re: hash_xlog_split_allocate_page: failed to acquire cleanup lock