On Wed, 2011-04-06 at 18:33 -0300, Alvaro Herrera wrote:
> (Consider, for example, that you may want to enable a user to run some
> operation to which he is authorized, but you want to carry out some
> privileged operation before/after doing so: for example, disable
> triggers, run an update, re-enable triggers.)

I'm not sure I understand the use case. If it's within one function, why
not just do it all as the privileged user in the security definer

The only reason I can think of it if you wanted to make the unprivileged
operation arbitrary SQL. But in the example you give, with triggers
disabled, it's not safe to allow the user to execute arbitrary

In other words, if you wrap an unprivileged operation inside of
privileged operations, it seems like the unprivileged operation then
becomes privileged. Right?

        Jeff Davis

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to