Josh Berkus <josh@agliodbs.com> writes:
> Therefore I propose the following two additional permissions on
> TABLEs, VIEWs, and FUNCTIONs:
> GRANT ALTER ON object TO user : allows the user to run ALTER or REPLACE
> statements on the object;
> GRANT DROP ON object TO user : allows the user to DROP the object (obviously a
> permission that could only be used once).
ALTER permission seems reasonable, I'm less convinced that GRANT DROP is
really needed.
> Accompanying these should be an extension of triggers to allow logging, etc.,
> of such activity. Namely:
> CREATE TRIGGER tg_name {BEFORE|AFTER} ALTER ON table
> CREATE TRIGGER tg_name BEFORE DROP ON table
These I do not like. We do not run user triggers in the midst of
catalog operations because they might see inconsistent states of the
system catalogs. (Consider for instance the possibility that a table is
being dropped as part of a cascaded drop, and something it depends on is
already gone. What does the trigger see? Does it still work?)
regards, tom lane