Re: Problem with delete trigger: how to allow only triggers to delete a row?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Christopher Maier <maier(at)med(dot)unc(dot)edu>, aklaver(at)comcast(dot)net, pgsql-sql(at)postgresql(dot)org
Subject: Re: Problem with delete trigger: how to allow only triggers to delete a row?
Date: 2008-10-10 20:53:15
Message-ID: 2599.1223671995@sss.pgh.pa.us
Lists: pgsql-sql

Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> Looks like you should revoke DELETE privilege from plain users, and
> have your delete trigger be a security definer function. There would be
> another security definer function to delete non-deduced rows which users
> can call directly.

That seems overly complicated to use.

If the triggers that are privileged to delete deduced rows run as a
special user, couldn't the validation triggers look at CURRENT_USER
to see whether to allow the delete of a deduced row or not?

regards, tom lane
