Alvaro Herrera <[EMAIL PROTECTED]> writes:
> Looks like you should revoke DELETE privilege from plain users, and
> have your delete trigger be a security definer function. There would be
> another security definer function to delete non-deduced rows which users
> can call directly.
That seems overly complicated to use.
If the triggers that are privileged to delete deduced rows run as a
special user, couldn't the validation triggers look at CURRENT_USER
to see whether to allow the delete of a deduced row or not?
regards, tom lane
--
Sent via pgsql-sql mailing list (pgsql-sql@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-sql
