Hello,
I'm trying to write a trigger function which uses the GRANT ROLE statement. 
The scenario is: I have a group role (let's call it A) which does not have superuser 
privileges, and I want to grant A membership to the current user after an insert on 
a particular table, then revoke it after a delete on it; I write the trigger 
function as superuser, then I normally log in as an unprivileged user. The problem I 
just found out is that GRANT ROLE checks privileges against the current user even if 
inside a trigger function, so unprivileged users are not allowed to alter A and 
to be added as members; after some searching, I discovered a discussion on this 
forum which states trigger functions' privileges are NOT actually checked 
against the trigger owner. Is this correct or did I misunderstand it? Is there a 
way to do what I'm trying to accomplish? Keep in mind I cannot just create A 
(the group role) and statically grant membership to users; I need to grant 
and revoke dynamically to current users, so I can't just CREATE ROLE grouprole 
ROLE user1, etc... but I need to use GRANT (or ALTER ROLE, but there's the same 
problem with privileges), but GRANT is forbidden to use as I said above. Thanks 
for answers.

Regards,
Claudio Rossi
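
An added example, not part of the original message: PostgreSQL runs a function with the privileges of the calling user unless the function is declared SECURITY DEFINER, in which case its body runs as the function's owner. The sketch below applies that to the scenario described above; the role `a`, the table `membership_requests` and the function and trigger names are constructed for illustration.

```sql
-- Run as the superuser (or another role allowed to administer role "a").
-- All object names here are constructed for this example.
CREATE ROLE a NOLOGIN;
CREATE TABLE membership_requests (note text);

CREATE FUNCTION toggle_a_membership() RETURNS trigger
LANGUAGE plpgsql
SECURITY DEFINER                        -- body runs with the owner's privileges
SET search_path = pg_catalog, pg_temp   -- pin name lookup inside a privileged function
AS $$
BEGIN
    -- Inside a SECURITY DEFINER function, current_user is the function
    -- owner. session_user is still the role that logged in, which is the
    -- role that should gain or lose membership.
    -- GRANT/REVOKE take no parameters, so the statement is built as text
    -- and the role name is quoted as an identifier.
    IF TG_OP = 'INSERT' THEN
        EXECUTE 'GRANT a TO ' || quote_ident(session_user::text);
    ELSIF TG_OP = 'DELETE' THEN
        EXECUTE 'REVOKE a FROM ' || quote_ident(session_user::text);
    END IF;
    RETURN NULL;  -- return value is ignored for AFTER row triggers
END;
$$;

CREATE TRIGGER membership_requests_toggle
AFTER INSERT OR DELETE ON membership_requests
FOR EACH ROW EXECUTE PROCEDURE toggle_a_membership();

-- INSERT and DELETE on membership_requests now decide who can join or
-- leave role "a", so those table privileges should be granted only to
-- the roles that are meant to be able to do so.
```

With this in place the privilege boundary moves from GRANT itself to the table: the function only ever grants or revokes the fixed role `a`, and only for the logged-in role.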

