Josh Berkus <josh@agliodbs.com> writes: >> ... we'd need to check the EXECUTE >> privilege of the owner of the trigger. The trick is figuring out who >> the owner is. If it's the owner of the table, then TRIGGER privilege >> is effectively total control over the owner of the table.
> If that's the case, then a separate TRIGGER priveledge would seem to be > superfluous. Yeah, you could make a good case for removing TRIGGER privilege and making it be an ownership check, as we just did for RULE privilege. > One thing to think about, though; our model allows granting ALTER > privelidge on a table to roles other than the table owner. Huh? ALTER requires ownership. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org