Re: Yet more ROLE changes in v18 beta1???

From Laurenz Albe
Subject Re: Yet more ROLE changes in v18 beta1???
Date
Msg-id 793a7752e64b95d267f73e1e4ee6c12c620da5dd.camel@cybertec.at
In response to Re: Yet more ROLE changes in v18 beta1???  (Dominique Devienne <ddevienne@gmail.com>)
List pgsql-general
On Wed, 2025-06-04 at 18:42 +0200, Dominique Devienne wrote:
> On Wed, Jun 4, 2025 at 5:34 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Dominique Devienne <ddevienne@gmail.com> writes:
> > > In any case, if anyone else knows about changes in this area, I'm interested.
> >
> > Digging through the commit log didn't find much, but conceivably
> >
> > https://git.postgresql.org/gitweb/?p=postgresql.git&a=commitdiff&h=01463e1cc
> > Ensure that AFTER triggers run as the instigating user.
>
> Thanks Tom. We don't drop ROLEs in trigger (yet, we'll get there).
> So that particular commit is probably not the reason.
> Thanks a bunch for looking into it. --DD

That change is not about dropping roles, but:

- before, if you had a deferred constraint trigger that was triggered while
  you temporarily assumed a different role (e.g., the DML statement is executed
  in a SECURITY DEFINER function), the trigger was executed as the current user
  at commit time

- from v18 on, the trigger gets executed as the user that ran the DML statement

I would be somewhat surprised if you hit this rather exotic case that went
unnoticed for many years, but it is possible.
Do you have deferred constraint triggers?

Yours,
Laurenz Albe
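
The case described in the message above can be reproduced with the following script. It is an added example, not part of the original message or of the PostgreSQL sources; the roles `demo_owner` and `demo_caller`, the table `demo_items` and both functions are made-up names, and it assumes a superuser session in a scratch database.

```sql
-- Constructed demo: all role, table and function names are made up.
-- Run as a superuser in a scratch database.
CREATE ROLE demo_owner;
CREATE ROLE demo_caller;

CREATE TABLE public.demo_items (id int PRIMARY KEY);
ALTER TABLE public.demo_items OWNER TO demo_owner;

-- Trigger function that reports the role it is executed under.
CREATE FUNCTION public.report_role() RETURNS trigger
LANGUAGE plpgsql AS
$$
BEGIN
    RAISE NOTICE 'deferred trigger runs as %', current_user;
    RETURN NULL;  -- return value is ignored for AFTER triggers
END;
$$;

-- Deferred constraint trigger: queued by the INSERT, fired at COMMIT.
CREATE CONSTRAINT TRIGGER demo_items_deferred
    AFTER INSERT ON public.demo_items
    DEFERRABLE INITIALLY DEFERRED
    FOR EACH ROW EXECUTE FUNCTION public.report_role();

-- The DML runs inside a SECURITY DEFINER function owned by demo_owner,
-- so the role is demo_owner only while the INSERT executes.
CREATE FUNCTION public.add_item(i int) RETURNS void
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS
$$
BEGIN
    INSERT INTO public.demo_items (id) VALUES (i);
END;
$$;
ALTER FUNCTION public.add_item(int) OWNER TO demo_owner;

BEGIN;
SET LOCAL ROLE demo_caller;      -- role that is current at commit time
SELECT public.add_item(1);       -- the INSERT itself executes as demo_owner
COMMIT;                          -- the deferred trigger fires here

-- Clean up.
DROP FUNCTION public.add_item(int);
DROP TABLE public.demo_items;
DROP FUNCTION public.report_role();
DROP ROLE demo_owner, demo_caller;
```

Following the description above, releases before v18 report `demo_caller` in the notice (the current user at commit time), while v18 reports `demo_owner` (the role that ran the INSERT). A trigger function that relies on `current_user` or on that role's privileges therefore behaves differently after an upgrade.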


