From a little experimenting in 9.5, it seems that a referential
integrity trigger is executed with the identity of the referencED
table's owner, but I have not been able to find this covered in
the docs. Is this a documentation oversight, or is it explained
somewhere I didn't look (or may have skimmed right over it)?
The question came up at $work after the departure of $colleague,
who had created some tables as himself and not changed their
ownership. His role had the superuser bit at the time, so
RI checks involving those tables never incurred 'permission denied'
errors until he left. Then, his role was not dropped, only disabled
for login and made no longer superuser, and that's when RI checks
started incurring 'permission denied'.
-Chap
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers