Robert Haas <robertmh...@gmail.com> writes: > On Fri, Jan 25, 2013 at 2:59 PM, Kohei KaiGai <kai...@kaigai.gr.jp> wrote: >> 2013/1/20 Tom Lane <t...@sss.pgh.pa.us>: >>> The traditional answer to that, which not only can be done already in >>> all existing releases but is infinitely more flexible than any >>> hard-wired scheme we could implement, is that you create superuser-owned >>> security-definer functions that can execute any specific operation you >>> want to allow, and then GRANT EXECUTE on those functions to just the >>> people who should have it.
> This is valid, but I think that the people who want this functionality > are less interest in avoiding bugs in trusted procedures than they are > in avoiding the necessity for the user to have to learn the local > admin-installed collection of trusted procedures. Sure, but given that we are working on event triggers, surely the correct solution is to make sure that user-provided event triggers can cover permissions-checking requirements, rather than to invent a whole new infrastructure that's guaranteed to never really satisfy anybody. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers