On 28 Jul 2021, at 1:46, David G. Johnston wrote:
> I'd probably do "CREATE PROCEDURE create_new_host(new_host_name text,
> new_host_domain integer) ... SECURITY DEFINER"
>
> Then grant permission to call that procedure to roles that need to create
> new host records. Your original CTE would then be executed within the
> procedure. Roles would not be given permission to insert directly into the
> host or related tables - but the owner of the procedure would.
>
Okay, that’s something I can get my teeth into.
Many thanks,
Nic