RI permission problem

From Kyle
Subject RI permission problem
Date
Msg-id 3AE6F3CF.BE4F1C72@actarg.com
Replies Re: RI permission problem  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-sql
Here's an interesting security problem:  Suppose I create two tables:

create table a (
   pk    int4 primary key,
   aval    text
);

create table b (
    fk    int4 references a (pk) on update cascade,
    bval    text    -- column type missing in the post; text assumed
);

Then I grant a user update to table a but not to table b.  He should be able to modify all the values in a freely, including the primary key (in practice it is an invoice number that often gets entered incorrectly and must be corrected.)

But the user should not have update privilege to table b (most particularly, bval is privileged).  But I would like the user to be able to update the primary key and hence cascade the update to table b.

Is there a way to get this to work without granting update to table b?

Tom, I understand someone was working on setuid functions.  Is that a long way off?  It would be nifty if triggers could execute with the privileges of the user that created them rather than the user who is executing them.  This would help greatly in closing some security holes like this we are dealing with.

Kyle Bateman
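
The "setuid function" idea from the message above, written with PostgreSQL's SECURITY DEFINER functions, which run with the privileges of the function's owner. This is an added example, not part of the original post; the role `clerk`, the function name `renumber_invoice` and the `public` schema are assumptions, and the script is meant to be run by the owner of tables `a` and `b`.

```sql
-- Added example. Hypothetical names: clerk, renumber_invoice, schema public.
-- Run as the (non-superuser) owner of tables a and b from the post.
CREATE ROLE clerk LOGIN;

-- clerk may read and correct rows in a, and gets nothing on b.
GRANT SELECT, UPDATE ON public.a TO clerk;
REVOKE ALL ON public.b FROM clerk, PUBLIC;

BEGIN;

-- Definer-rights function: the UPDATE, and the ON UPDATE CASCADE it fires
-- into b, execute with the privileges of the function owner, not the caller.
CREATE FUNCTION public.renumber_invoice(old_pk int4, new_pk int4)
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
-- Pin the search path so a caller cannot substitute objects of their own;
-- pg_temp goes last so temporary objects are never resolved first.
SET search_path = pg_catalog, pg_temp
AS $$
BEGIN
    -- The only write exposed to the caller: change one key value.
    UPDATE public.a SET pk = new_pk WHERE pk = old_pk;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'no row in a with pk %', old_pk;
    END IF;
END;
$$;

-- Functions are executable by PUBLIC by default. Revoking inside the same
-- transaction leaves no window in which other roles can call it.
REVOKE ALL ON FUNCTION public.renumber_invoice(int4, int4) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION public.renumber_invoice(int4, int4) TO clerk;

COMMIT;

-- Constructed sample rows for trying it out (inserted by the owner).
INSERT INTO public.a VALUES (1001, 'invoice entered with the wrong number');
INSERT INTO public.b VALUES (1001, 'privileged value');

-- Then, in a session connected as clerk:
--   SELECT public.renumber_invoice(1001, 1002);  -- key change through the function
--   UPDATE public.b SET bval = 'changed';        -- direct write to b, no privilege granted
```

The function body is the whole privilege boundary: it takes only the two key values, so the caller never supplies a table name, a column name or anything that reaches `bval`.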
 
