Martijn van Oosterhout <> writes:
> The trigger never runs as the owner of the table AIUI, only ever as the
> definer of the function or as session user.

Yeah.  This might itself be seen as a bug: I think you could make a
reasonable case that the default behavior ought to be to run as the
table owner (but still overridable if trigger function is SECURITY
DEFINER, of course).  In the current situation a table owner can use
a trigger function as a trojan horse against anyone modifying the

And then there's the question of functions run as a result of rule
definitions.  That's a lot harder to fix, but (I think) triggers would
be relatively easy to do something about.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?


Reply via email to