Re: policies with security definer option for allowing inline optimization

Поиск
Список
Период
Сортировка
От Isaac Morland
Тема Re: policies with security definer option for allowing inline optimization
Дата
Msg-id CAMsGm5cRekyA5rrv9ws+rQUOsg1Ve3OQCzRnCcuEHd53PSvs5A@mail.gmail.com
обсуждение исходный текст
Ответ на Re: policies with security definer option for allowing inline optimization  (Chapman Flack <chap@anastigmatix.net>)
Список pgsql-hackers
Дерево обсуждения
On Fri, 2 Apr 2021 at 09:44, Chapman Flack <chap@anastigmatix.net> wrote:
On 04/02/21 09:09, Isaac Morland wrote:
> If we're going to do this we should do the same for triggers as well.
>
> ... it's easy to imagine a situation in which a trigger needs to
> write to another table which should not be accessible to the role using the
> table which has the trigger.

Triggers seem to be an area of long-standing weirdness[1].

Thanks for that reference. That has convinced me that I was wrong in a previous discussion to say that triggers should run as the table owner: instead, they should run as the trigger owner (implying that triggers should have owners). Of course at this point the change could only be made as an option in order to avoid a backward compatibility break.

[1]
https://www.postgresql.org/message-id/b1be2d05-b9fd-b9db-ea7f-38253e4e4bab%40anastigmatix.net

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Isaac Morland
Дата:
Сообщение: Re: policies with security definer option for allowing inline optimization
Следующее
От: Tom Lane
Дата:
Сообщение: Re: libpq debug log