Re: Problem with delete trigger: how to allow only triggers to delete a row?
From | Christopher Maier |
---|---|
Subject | Re: Problem with delete trigger: how to allow only triggers to delete a row? |
Date | |
Msg-id | 854DA6EE-0C09-4410-89E0-0EFF3DBB3BB3@med.unc.edu |
In response to | Re: Problem with delete trigger: how to allow only triggers to delete a row? (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: Problem with delete trigger: how to allow only triggers to delete a row? |
List | pgsql-sql |
On Oct 10, 2008, at 4:53 PM, Tom Lane wrote:

> Alvaro Herrera <alvherre@commandprompt.com> writes:
>> Looks like you should revoke DELETE privilege from plain users, and
>> have your delete trigger be a security definer function. There would be
>> another security definer function to delete non-deduced rows which users
>> can call directly.
>
> That seems overly complicated to use.
>
> If the triggers that are privileged to delete deduced rows run as a
> special user, couldn't the validation triggers look at CURRENT_USER
> to see whether to allow the delete of a deduced row or not?
>
> regards, tom lane

That sounds like the best approach, Tom. I've already implemented Alvaro's suggestion, which works nicely. It should be a simple matter to add in the current_user check. I'll give that a whirl and see how it goes.

Thanks for all the great suggestions, everyone.

Chris
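The CURRENT_USER check discussed in this message, sketched as an added example (not code from the thread or from any participant). The schema, the role names `deducer` and `app_user`, and the function and trigger names are all hypothetical, and the script assumes it is run by a superuser.

```sql
-- Hypothetical names throughout (deducer, app_user, facts); run as a superuser.
CREATE ROLE deducer NOLOGIN;   -- the "special user"; nobody logs in as it
CREATE ROLE app_user;

CREATE TABLE facts (
    id         integer PRIMARY KEY,
    source_id  integer,                         -- row this one was deduced from
    is_deduced boolean NOT NULL DEFAULT false
);
GRANT SELECT, INSERT, DELETE ON facts TO app_user;
GRANT SELECT, DELETE ON facts TO deducer;

-- Validation trigger: SECURITY INVOKER (the default), so current_user is
-- whichever role is in effect when the DELETE statement runs.
CREATE FUNCTION guard_deduced_delete() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    IF OLD.is_deduced AND current_user <> 'deducer' THEN
        RAISE EXCEPTION 'deduced row % may only be deleted by a trigger', OLD.id;
    END IF;
    RETURN OLD;
END;
$$;
CREATE TRIGGER facts_guard BEFORE DELETE ON facts
    FOR EACH ROW EXECUTE PROCEDURE guard_deduced_delete();

-- Privileged trigger: SECURITY DEFINER and owned by deducer, so the nested
-- DELETE (and the guard it fires) runs with current_user = 'deducer'.
-- search_path is pinned so the definer cannot be steered to another schema.
CREATE FUNCTION cascade_deduced_delete() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public, pg_temp AS $$
BEGIN
    DELETE FROM facts WHERE source_id = OLD.id AND is_deduced;
    RETURN NULL;
END;
$$;
ALTER FUNCTION cascade_deduced_delete() OWNER TO deducer;
CREATE TRIGGER facts_cascade AFTER DELETE ON facts
    FOR EACH ROW EXECUTE PROCEDURE cascade_deduced_delete();

-- Constructed sample rows: 1 is a source row, 2 is deduced from it.
INSERT INTO facts VALUES (1, NULL, false), (2, 1, true);
SET ROLE app_user;
DELETE FROM facts WHERE id = 2;  -- direct delete: guard runs as app_user
DELETE FROM facts WHERE id = 1;  -- source row: cascade deletes row 2 as deducer
RESET ROLE;
```

The guard trusts the role name alone, so any role able to `SET ROLE deducer` also passes it; keep membership in that role empty.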