Hello,
I'm trying to write a trigger function which uses GRANT ROLE statement. Scenario is: I have a group role (let's call it
A)which has not superuser privileges and I want to grant A membership to current user after an insert on a particular
table,then revoke it after a delete on it; I write trigger function as superuser then I normally login as unprivileged
user.The problem I just found out is that GRANT ROLE check privileges against current user even if inside a trigger
function,so unprivileged users are not allowed to alter A and to be added as members; after some searching, I
discovereda discussion on this forum which states trigger functions privileges are NOT actually checked against trigger
owner.Is this correct or did I misunderstand it? Is there a way to do what I'm trying to accomplish? Keep in mind I
cannotjust create A (the group role) and statically granting membership to users, I need to grant and revoke
dinamicallyto current users, so I can't just CREATE ROLE grouprole ROLE user1, etc... but I need to use GRANT (or ALTER
ROLE,but there's the same problem with privileges), but GRANT is forbidden to use as I said above. Thanks for answers.
Regards,
Claudio Rossi
------------------------------------------------------
Leggi GRATIS le tue mail con il telefonino i-mode di Wind
http://i-mode.wind.it/
