| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Wrong security context for deferred triggers? |
| Date: | 2025-06-05 16:45:51 |
| Message-ID: | 1295340.1749141951@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Noah Misch <noah(at)leadboat(dot)com> writes:
> In postgr.es/m/1071973.1749075038@sss.pgh.pa.us of yesterday's release notes
> discussion, you wrote "Execute AFTER triggers as the role that was active at
> the moment the trigger event was queued." That's a good direction, since it's
> correct for the mid-query case without raising it explicitly. Maybe this way:
> + Also, the trigger will always run as the role that queued the trigger
> + event, unless the trigger function is defined as <literal>SECURITY
> + DEFINER</literal>, in which case it will run as the function owner.
WFM. I'd probably write "is marked as" not "is defined as".
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2025-06-05 16:47:52 | Re: postmaster uses more CPU in 18 beta1 with io_method=io_uring |
| Previous Message | Dmitry Koval | 2025-06-05 16:41:22 | Re: Add SPLIT PARTITION/MERGE PARTITIONS commands |