Quick Links

Re: Problem with delete trigger: how to allow only triggers to delete a row?

From:	Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To:	Christopher Maier <maier(at)med(dot)unc(dot)edu>
Cc:	aklaver(at)comcast(dot)net, pgsql-sql(at)postgresql(dot)org
Subject:	Re: Problem with delete trigger: how to allow only triggers to delete a row?
Date:	2008-10-10 18:05:26
Message-ID:	20081010180525.GC4194@alvh.no-ip.org
Views:	Whole Thread \| Raw Message \| Download mbox \| Resend email
Thread:
Lists:	pgsql-sql

Christopher Maier wrote:

> However, I need to restrict deletion based on, for lack of a better
> term, "where" the DELETE command comes from. I do not want someone
> sitting at a psql console to be able to type:
>
> DELETE FROM my_table WHERE deduced IS TRUE;

Looks like you should revoke DELETE privilege from plain users, and
have your delete trigger be a security definer function. There would be
another security definer function to delete non-deduced rows which users
can call directly.

--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

In response to

Re: Problem with delete trigger: how to allow only triggers to delete a row? at 2008-10-10 17:55:11 from Christopher Maier

Responses

Re: Problem with delete trigger: how to allow only triggers to delete a row? at 2008-10-10 18:25:05 from Christopher Maier
Re: Problem with delete trigger: how to allow only triggers to delete a row? at 2008-10-10 20:53:15 from Tom Lane

Browse pgsql-sql by date

	From	Date	Subject
Next Message	Christopher Maier	2008-10-10 18:25:05	Re: Problem with delete trigger: how to allow only triggers to delete a row?
Previous Message	Christopher Maier	2008-10-10 17:55:11	Re: Problem with delete trigger: how to allow only triggers to delete a row?