I'm trying to write a trigger function which uses GRANT ROLE statement. 
Scenario is: I have a group role (let's call it A) which has not superuser 
privileges and I want to grant A membership to current user after an insert on 
a particular table, then revoke it after a delete on it; I write trigger 
function as superuser then I normally login as unprivileged user. The problem I 
just found out is that GRANT ROLE check privileges against current user even if 
inside a trigger function, so unprivileged users are not allowed to alter A and 
to be added as members; after some searching, I discovered a discussion on this 
forum which states trigger functions privileges are NOT actually checked 
against trigger owner. Is this correct or did I misunderstand it? Is there a 
way to do what I'm trying to accomplish? Keep in mind I cannot just create A 
(the group role) and statically granting membership to users, I need to grant 
and revoke dinamically to current users, so I can't just CREATE ROLE grouprole 
ROLE user1, etc... but I need to use GRANT (or ALTER ROLE, but there's the same 
problem with privileges), but GRANT is forbidden to use as I said above. Thanks 
for answers.

Claudio Rossi

Leggi GRATIS le tue mail con il telefonino i-modeĀ™ di Wind

---------------------------(end of broadcast)---------------------------
TIP 7: You can help support the PostgreSQL project by donating at


Reply via email to