Skip site navigation (1) Skip section navigation (2)

Re: Problem with delete trigger: how to allow only triggers to delete a row?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Christopher Maier <maier(at)med(dot)unc(dot)edu>, aklaver(at)comcast(dot)net, pgsql-sql(at)postgresql(dot)org
Subject: Re: Problem with delete trigger: how to allow only triggers to delete a row?
Date: 2008-10-10 20:53:15
Message-ID: 2599.1223671995@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-sql
Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> Looks like you should revoke DELETE privilege from plain users, and
> have your delete trigger be a security definer function.  There would be
> another security definer function to delete non-deduced rows which users
> can call directly.

That seems overly complicated to use.

If the triggers that are privileged to delete deduced rows run as a
special user, couldn't the validation triggers look at CURRENT_USER
to see whether to allow the delete of a deduced row or not?

			regards, tom lane

In response to

Responses

pgsql-sql by date

Next:From: Adrian KlaverDate: 2008-10-10 20:57:28
Subject: Re: Problem with delete trigger: how to allow only triggers to delete a row?
Previous:From: Alvaro HerreraDate: 2008-10-10 18:39:20
Subject: Re: Problem with delete trigger: how to allow only triggersto delete a row?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group