On Wed, 2011-04-06 at 18:33 -0300, Alvaro Herrera wrote: > (Consider, for example, that you may want to enable a user to run some > operation to which he is authorized, but you want to carry out some > privileged operation before/after doing so: for example, disable > triggers, run an update, re-enable triggers.)
I'm not sure I understand the use case. If it's within one function, why not just do it all as the privileged user in the security definer function? The only reason I can think of it if you wanted to make the unprivileged operation arbitrary SQL. But in the example you give, with triggers disabled, it's not safe to allow the user to execute arbitrary operations. In other words, if you wrap an unprivileged operation inside of privileged operations, it seems like the unprivileged operation then becomes privileged. Right? Regards, Jeff Davis -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers