On Monday, April 28, 2025, Steve Chavez <st...@supabase.io> wrote: > > 1. Do `grant evtrig_owner to member with inherit false`, then `member` > will not be able to drop the event trigger. >
I think they can still use set role… After getting my head around this, and re-reading what Tom said, I think you have the grant backwards. You’ve made member a member of owner, while the specification would have to be making owner a member of member. “The notion I proposed earlier that an event trigger only fires on queries executed by roles the trigger's owner belongs to is (AFAICS) safe to allow to anyone. If that's not good enough for your notion of what a DB owner should be able to do, the answer is to grant the DB owner membership in every role that uses her database. That's effectively what the feature you're suggesting would do anyway.” - Tom Lane This might be better to do if you restrict yourself to use a role with the createrole attribute instead of a superuser - since that is effectively what you are trying to model anyway. David J.
