| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Miroslav Šimulčík <simulcik(dot)miro(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: restrict modification of column values in BR triggers |
| Date: | 2012-02-27 13:26:09 |
| Message-ID: | CA+TgmoYAthAczbEs9trhzituYrRK=O+LE7+5jM3bXU2u4BhZGg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Feb 27, 2012 at 5:35 AM, Miroslav Šimulčík
<simulcik(dot)miro(at)gmail(dot)com> wrote:
> is there any way to prevent role from modifing values of some columns of NEW
> row in before row triggers? I revoked insert privilege from these columns to
> ensure that only default value can be inserted, but it is still posible to
> modify values being inserted using before row triggers. I can't revoke
> trigger privilege on that table, because this role must be able to create
> triggers on this table.
No, or at least I don't think so. If you give someone trigger
privileges on your table, that's pretty much game over. The trigger
functions they create will run as you.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2012-02-27 13:36:09 | Re: pgstat documentation tables |
| Previous Message | Alvaro Herrera | 2012-02-27 13:17:21 | Re: check constraint validation takes access exclusive locks |