Re: Suggestion GRANT ALTER, TRIGGER ON ALTER

Josh Berkus <josh@agliodbs.com> writes:
> Therefore I propose the following two additional permissions on
> TABLEs, VIEWs, and FUNCTIONs:
> GRANT ALTER ON object TO user : allows the user to run ALTER or REPLACE 
> statements on the object;
> GRANT DROP ON object TO user : allows the user to DROP the object (obviously a 
> permission that could only be used once).

ALTER permission seems reasonable, I'm less convinced that GRANT DROP is
really needed.

> Accompanying these should be an extension of triggers to allow logging, etc.,
> of such activity.   Namely:

> CREATE TRIGGER tg_name {BEFORE|AFTER}  ALTER ON table 
> CREATE TRIGGER tg_name BEFORE DROP ON table

These I do not like.  We do not run user triggers in the midst of
catalog operations because they might see inconsistent states of the
system catalogs.  (Consider for instance the possibility that a table is
being dropped as part of a cascaded drop, and something it depends on is
already gone.  What does the trigger see?  Does it still work?)
        regards, tom lane