Trigger Function DML and Permissions

Appears Postgres 7.3.3 utilizes current user permissions when executing DML
within trigger functions.

How would one transparently (from the client perspective) switch users for the
purpose of trigger function execution and the restore to the original after
execution?

This issue will arise again with Insert, Update and Delete functions.

Raymond

Hi Raymond,

Have you tried using the SECURITY DEFINER option when you create a function?
This runs the function with the same privileges as the user who defined the
function. If you are clever with the definer user and limit their access to
various database objects you may get what you want. If you need to change
permissions in the middle of a function you could presumably create smaller
plpgsql functions with security definer and leave the others to security
invoker. The doesn't know that this is going on as all the security stuffs
is done at the server.

Cheers,

Jason

On Mon, 21 Jul 2003 12:05 pm, Raymond wrote:
> Appears Postgres 7.3.3 utilizes current user permissions when executing DML
> within trigger functions.
>
> How would one transparently (from the client perspective) switch users for
> the purpose of trigger function execution and the restore to the original
> after execution?
>
> This issue will arise again with Insert, Update and Delete functions.
>
> Raymond
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html