Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> Looks like you should revoke DELETE privilege from plain users, and
> have your delete trigger be a security definer function. There would be
> another security definer function to delete non-deduced rows which users
> can call directly.
That seems overly complicated to use.
If the triggers that are privileged to delete deduced rows run as a
special user, couldn't the validation triggers look at CURRENT_USER
to see whether to allow the delete of a deduced row or not?
regards, tom lane
In response to
pgsql-sql by date
|Next:||From: Adrian Klaver||Date: 2008-10-10 20:57:28|
|Subject: Re: Problem with delete trigger: how to allow only triggers to delete a row?|
|Previous:||From: Alvaro Herrera||Date: 2008-10-10 18:39:20|
|Subject: Re: Problem with delete trigger: how to allow only triggersto delete a row?|