isn't it possible to restrict UPDATE by access rights based on the DB's
user?
Create table with owner set to the administrator of the database (NOT
PostgreSQL SERVER!!!) and grant only the needed rights (or none of them)
to the user from which the usual processing of the database will be
performed. Then, create a trigger function with SECURITY DEFINER set and
own it by the owner of the database (or other user, who's granted to
UPDATE the table). So, if no one else is granted UPDATE on the table,
the only UPDATE-modifiers of the table will be the owner and the trigger
function's owner (if differs from owner).
Best regards,
Andrey V. Semyonov