On Mon, Feb 27, 2012 at 5:35 AM, Miroslav Šimulčík <simulcik.m...@gmail.com> wrote: > is there any way to prevent role from modifing values of some columns of NEW > row in before row triggers? I revoked insert privilege from these columns to > ensure that only default value can be inserted, but it is still posible to > modify values being inserted using before row triggers. I can't revoke > trigger privilege on that table, because this role must be able to create > triggers on this table.
No, or at least I don't think so. If you give someone trigger privileges on your table, that's pretty much game over. The trigger functions they create will run as you. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
