Skip site navigation (1) Skip section navigation (2)

Re: restrict modification of column values in BR triggers

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Miroslav Šimulčík <simulcik(dot)miro(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: restrict modification of column values in BR triggers
Date: 2012-02-27 13:26:09
Message-ID: CA+TgmoYAthAczbEs9trhzituYrRK=O+LE7+5jM3bXU2u4BhZGg@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Mon, Feb 27, 2012 at 5:35 AM, Miroslav Šimulčík
<simulcik(dot)miro(at)gmail(dot)com> wrote:
> is there any way to prevent role from modifing values of some columns of NEW
> row in before row triggers? I revoked insert privilege from these columns to
> ensure that only default value can be inserted, but it is still posible to
> modify values being inserted using before row triggers. I can't revoke
> trigger privilege on that table, because this role must be able to create
> triggers on this table.

No, or at least I don't think so.  If you give someone trigger
privileges on your table, that's pretty much game over.  The trigger
functions they create will run as you.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

pgsql-hackers by date

Next:From: Robert HaasDate: 2012-02-27 13:36:09
Subject: Re: pgstat documentation tables
Previous:From: Alvaro HerreraDate: 2012-02-27 13:17:21
Subject: Re: check constraint validation takes access exclusive locks

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group