On Wed, Oct 30, 2002 at 14:03:21 -0600, > > While I am not sure about triggers, it certainly is possible to get > a similar effect be having the referenced function run with the security > of the definer.
I read some more on triggers and found that according to the documentation, they appear to run as the user doing the insert, update or delete and are specifically noted to be dangerous. And while using the execute as definer can allow a trigger writer to provide limited access to the invoker, it doesn't protect the invoker from the trigger writer. It seems unlikely that triggers should be doing things to objects that the trigger owner doesn't have rights to. And this might be another place where using the access of the owner would be better than using that of the invoker. ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
