Skip site navigation (1) Skip section navigation (2)

Re: restrict modification of column values in BR triggers

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Miroslav Šimulčík <simulcik(dot)miro(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: restrict modification of column values in BR triggers
Date: 2012-02-27 13:26:09
Message-ID: (view raw or whole thread)
Lists: pgsql-hackers
On Mon, Feb 27, 2012 at 5:35 AM, Miroslav Šimulčík
<simulcik(dot)miro(at)gmail(dot)com> wrote:
> is there any way to prevent role from modifing values of some columns of NEW
> row in before row triggers? I revoked insert privilege from these columns to
> ensure that only default value can be inserted, but it is still posible to
> modify values being inserted using before row triggers. I can't revoke
> trigger privilege on that table, because this role must be able to create
> triggers on this table.

No, or at least I don't think so.  If you give someone trigger
privileges on your table, that's pretty much game over.  The trigger
functions they create will run as you.

Robert Haas
The Enterprise PostgreSQL Company

In response to

pgsql-hackers by date

Next:From: Robert HaasDate: 2012-02-27 13:36:09
Subject: Re: pgstat documentation tables
Previous:From: Alvaro HerreraDate: 2012-02-27 13:17:21
Subject: Re: check constraint validation takes access exclusive locks

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group