I wrote: > Possibly this could be generalized to "fire on commands performed by > any role the trigger owner is a member of", but then I'm a bit less > sure that it's safe from both roles' perspectives.
After further thought, I can't poke a hole in that concept. We'd keep the rule that the trigger executes as the calling user. Therefore, the trigger cannot perform any action that the calling user couldn't do if she chose. Conversely, since the trigger owner could become a member of that role and then do whatever the trigger intends to do, this scheme does not give the trigger owner any new abilities either. All we've done is provide what some programming languages call an observer or annotation. I also like the fact that with this rule, superusers' ability to create event triggers that fire for everything is not a special case. regards, tom lane