On Fri, Nov 03, 2017 at 02:09:00PM -0400, Chapman Flack wrote: > From a little experimenting in 9.5, it seems that a referential > integrity trigger is executed with the identity of the referencED > table's owner, but I have not been able to find this covered in > the docs. Is this a documentation oversight, or is it explained > somewhere I didn't look (or may have skimmed right over it)? > > The question came up at $work after the departure of $colleague, > who had created some tables as himself and not changed their > ownership. His role had the superuser bit at the time, so > RI checks involving those tables never incurred 'permission denied' > errors until he left. Then, his role was not dropped, only disabled > for login and made no longer superuser, and that's when RI checks > started incurring 'permission denied'.
Are the trigger functions SECURITY DEFINER? -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers