Tom Lane wrote:
> Peter Eisentraut <[EMAIL PROTECTED]> writes:
> > Tom Lane wrote:
> >> The question in my mind is what privilege to check and when.
> >
> > By extrapolation of the SQL standard, I'd say we'd need to check
> > the EXECUTE privilege of the function at run time.
>
> Certainly EXECUTE privilege is what to check, but whose privilege?

SQL allows a trigger action to be a more or less random list of 
statements, which are checked at trigger run time against the 
privileges of the owner of the trigger.

("The authorization identifier of the owner of the schema that includes 
the trigger descriptor of TR is pushed onto the authorization stack.")

PostgreSQL only allows a trigger action of "call this function", so in 
the SQL standard context that would mean we'd need to check the EXECUTE 
privilege of the owner of the trigger.  The trick is figuring out who 
the owner is.  If it's the owner of the table, then TRIGGER privilege 
is effectively total control over the owner of the table.  If it's 
whoever created the trigger, it might be useful, but I don't see how 
that is compatible with the intent of the SQL standard.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/
