restrict modification of column values in BR triggers
Hi,
is there any way to prevent role from modifing values of some columns of
NEW row in before row triggers? I revoked insert privilege from these
columns to ensure that only default value can be inserted, but it is still
posible to modify values being inserted using before row triggers. I can't
revoke trigger privilege on that table, because this role must be able to
create triggers on this table.
Thank you.
Best regards
Miroslav Simulcik
On Mon, Feb 27, 2012 at 5:35 AM, Miroslav Šimulčík
<simulcik.miro@gmail.com> wrote:
is there any way to prevent role from modifing values of some columns of NEW
row in before row triggers? I revoked insert privilege from these columns to
ensure that only default value can be inserted, but it is still posible to
modify values being inserted using before row triggers. I can't revoke
trigger privilege on that table, because this role must be able to create
triggers on this table.
No, or at least I don't think so. If you give someone trigger
privileges on your table, that's pretty much game over. The trigger
functions they create will run as you.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company