Re: [GENERAL] What user to defaults execute as? - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: [GENERAL] What user to defaults execute as?
Date
Msg-id Pine.LNX.4.44.0211052007430.1815-100000@localhost.localdomain
Whole thread Raw
In response to Re: [GENERAL] What user to defaults execute as?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane writes:

> Okay, I've thought of one: consider the situation where you want to
> label each row in a table with the ID of the user who inserted it.
> Right now, you can do
>     ...,
>     who    name    default current_user,
>     ...
> or for greater security use a trigger to set the column value.
> This will stop working if defaults and triggers run as the table
> owner.

According to the SQL standard, privileges on constraints should
effectively be checked at the time the constraint is created.  For
example, when you create a foreign key constraint you may need certain
REFERENCES privileges, and equally creating check constraints should
require REFERENCES privilege on tables involved in subqueries.

While the SQL standard doesn't say anything on how this should apply to
column defaults (since there you can't call user-defined functions or
subqueries in default clauses), it would make sense to carry this over.

-- 
Peter Eisentraut   peter_e@gmx.net



pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: PL/Perl and Perl 5.8
Next
From: "Marc G. Fournier"
Date:
Subject: Re: v7.3Beta4 Tag'd and Packaged ...