On Thu, 2002-10-31 at 10:33, Bruno Wolff III wrote:
> On Thu, Oct 31, 2002 at 10:17:26 -0500,
> Rod Taylor <rbt@rbt.ca> wrote:
> > Can't necessarily run them as the table owner, as it may give
> > information to other users with the ability to ALTER that table.
>
> You have to be the table owner to alter a table. So it should be OK
> to have the default expressions and check constraints run as the owner.
Yes, default expressions and check constraints could possibly. However,
both revoke complex expressions (no sub-selects, etc) so there is little
point.
Functions can already suid if you are using them in check constraints
for complex lookups.
An ASSERTION may be appropriate for suid, as would REFERENCES -- but
only when explicitly asked for, and those should run as the constraint
owner NOT as the table owner.
-- Rod Taylor