Josh Berkus <josh@agliodbs.com> writes:
>> ... we'd need to check the EXECUTE
>> privilege of the owner of the trigger. The trick is figuring out who
>> the owner is. If it's the owner of the table, then TRIGGER privilege
>> is effectively total control over the owner of the table.
> If that's the case, then a separate TRIGGER priveledge would seem to be
> superfluous.
Yeah, you could make a good case for removing TRIGGER privilege and
making it be an ownership check, as we just did for RULE privilege.
> One thing to think about, though; our model allows granting ALTER
> privelidge on a table to roles other than the table owner.
Huh? ALTER requires ownership.
regards, tom lane