Tom Lane wrote:
> Peter Eisentraut <[EMAIL PROTECTED]> writes:
> > Tom Lane wrote:
> >> The question in my mind is what privilege to check and when.
> >
> > By extrapolation of the SQL standard, I'd say we'd need to check
> > the EXECUTE privilege of the function at run time.
>
> Certainly EXECUTE privilege is what to check, but whose privilege?

SQL allows a trigger action to be a more or less random list of statements, which are checked at trigger run time against the privileges of the owner of the trigger. ("The authorization identifier of the owner of the schema that includes the trigger descriptor of TR is pushed onto the authorization stack.")

PostgreSQL only allows a trigger action of "call this function", so in the SQL standard context that would mean we'd need to check the EXECUTE privilege of the owner of the trigger.

The trick is figuring out who the owner is. If it's the owner of the table, then TRIGGER privilege is effectively total control over the owner of the table. If it's whoever created the trigger, it might be useful, but I don't see how that is compatible with the intent of the SQL standard.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/