From: | "Claudio Rossi" <wind(dot)claudio(at)inwind(dot)it> |
---|---|
To: | "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | GRANT ROLE and triggers |
Date: | 2007-07-05 00:55:57 |
Message-ID: | JKOL99$856AA46948655A5259CEEED224D07798@libero.it |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hello,
I'm trying to write a trigger function which uses GRANT ROLE statement. Scenario is: I have a group role (let's call it A) which has not superuser privileges and I want to grant A membership to current user after an insert on a particular table, then revoke it after a delete on it; I write trigger function as superuser then I normally login as unprivileged user. The problem I just found out is that GRANT ROLE check privileges against current user even if inside a trigger function, so unprivileged users are not allowed to alter A and to be added as members; after some searching, I discovered a discussion on this forum which states trigger functions privileges are NOT actually checked against trigger owner. Is this correct or did I misunderstand it? Is there a way to do what I'm trying to accomplish? Keep in mind I cannot just create A (the group role) and statically granting membership to users, I need to grant and revoke dinamically to current users, so I can't just CREATE ROLE grouprole ROLE user1, etc... but I need to use GRANT (or ALTER ROLE, but there's the same problem with privileges), but GRANT is forbidden to use as I said above. Thanks for answers.
Regards,
Claudio Rossi
------------------------------------------------------
Leggi GRATIS le tue mail con il telefonino i-mode di Wind
http://i-mode.wind.it/
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2007-07-05 04:01:07 | Re: what is difference between LOCAL and GLOBAL TEMP TABLES in PostgreSQL |
Previous Message | Gregory Stark | 2007-07-04 22:46:32 | Re: ACM Paper relevant to our buffer algorithm |