Re: Wrong security context for deferred triggers?

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Laurenz Albe <laurenz.albe@cybertec.at>
Cc: Pavel Stehule <pavel.stehule@gmail.com>, pgsql-hackers@lists.postgresql.org
Date: 2025-01-23T17:30:48Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Doc: improve description of which role runs a trigger.

  2. Change role names used in trigger test.

  3. Ensure that AFTER triggers run as the instigating user.

  4. Reverse the search order in afterTriggerAddEvent().

Laurenz Albe <laurenz.albe@cybertec.at> writes:
> Version 5 of the patch is attached.

Pushed with some cosmetic adjustments, such as tweaking comments.
One perhaps less than cosmetic adjustment is that I removed the
test case involving dropping the role.  I didn't think it was
buying much now that we removed the code that was trying to do
something special in that situation.  (Perhaps there is an argument
for having some testing of the system's behavior when running as a
dropped role, but I doubt that this is the place to start on that.)

			regards, tom lane