On Wed, 2025-06-04 at 18:42 +0200, Dominique Devienne wrote: > On Wed, Jun 4, 2025 at 5:34 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > > Dominique Devienne <ddevie...@gmail.com> writes: > > > In any case, if anyone else knows about changes in this area, I'm > > > interested. > > > > Digging through the commit log didn't find much, but conceivably > > > > https://git.postgresql.org/gitweb/?p=postgresql.git&a=commitdiff&h=01463e1cc > > Ensure that AFTER triggers run as the instigating user. > > Thanks Tom. We don't drop ROLEs in trigger (yet, we'll get there). > So that particular commit is probably not the reason. > Thanks a bunch for looking into it. --DD
That change is not about dropping roles, but: - before, if you had a deferred constraint trigger that was triggered while you temporarily assumed a different role (e.g., the DML statement is executed in a SECURITY DEFINER function), the trigger was executed as the current user at commit time - from v18 on, the trigger gets executed as the user that ran the DML statement I would be somewhat surprised if you hit this rather exotic case that went unnoticed for many years, but it is possible. Do you have deferred constraint triggers? Yours, Laurenz Albe
