Martijn van Oosterhout <kleptog@svana.org> writes:
> The trigger never runs as the owner of the table AIUI, only ever as the
> definer of the function or as session user.
Yeah. This might itself be seen as a bug: I think you could make a
reasonable case that the default behavior ought to be to run as the
table owner (but still overridable if trigger function is SECURITY
DEFINER, of course). In the current situation a table owner can use
a trigger function as a trojan horse against anyone modifying the
table.
And then there's the question of functions run as a result of rule
definitions. That's a lot harder to fix, but (I think) triggers would
be relatively easy to do something about.
regards, tom lane