Allow GRANT TRIGGER privilege to DROP TRIGGER (Re: Bug ##7716)
| От | Keith Fiske |
|---|---|
| Тема | Allow GRANT TRIGGER privilege to DROP TRIGGER (Re: Bug ##7716) |
| Дата | |
| Msg-id | CAG1_KcDm1-3x0as-2vFwnQJ6Y9d9Op9dP5V4RFRdeDCNqE-aJw@mail.gmail.com обсуждение исходный текст |
| Ответы |
Re: Allow GRANT TRIGGER privilege to DROP TRIGGER (Re: Bug ##7716)
|
| Список | pgsql-hackers |
I'd reported a few years ago what seemed an inconsistency with the TRIGGER permission on tables where it allows a role to create a trigger but not to drop it. I don't have the original email to reply directly to the thread anymore, but I've moved on to actually trying to fix it myself, hence sending to this list instead.
Original thread - http://www.postgresql.org/message-id/E1TeaD4-0004le-Vd@wrigleys.postgresql.org
I found RemoveTriggerById() in backend/commands/trigger.c which seems to be the code that actually drops the trigger. And I see in CreateTrigger() above it how to use pg_class_aclcheck() to check for valid permissions, so I was going to see about adding that code to the Remove section. However, I see no code in Remove for checking for object ownership, so I'm not sure how that is being enforced currently which would also have to be adjusted. I see down in RangeVarCallbackForRenameTrigger() that it uses pg_class_ownercheck() to do so, but can't find where that is being done for dropping a trigger. Original thread - http://www.postgresql.org/message-id/E1TeaD4-0004le-Vd@wrigleys.postgresql.org
I've tried tracing the function calls in RemoveTriggerById() to see if one of them is doing the owner check, but I haven't been able to see it. The only other reference to RemoveTriggerById() I can find is in backend/catalog/dependency.c and I don't see the check there either.
В списке pgsql-hackers по дате отправления: