Re: Wrong security context for deferred triggers?

Laurenz Albe <laurenz.albe@cybertec.at>

From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Tom Lane <tgl@sss.pgh.pa.us>, Pavel Stehule <pavel.stehule@gmail.com>
Cc: pgsql-hackers@lists.postgresql.org
Date: 2024-11-04T17:25:51Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Doc: improve description of which role runs a trigger.

  2. Change role names used in trigger test.

  3. Ensure that AFTER triggers run as the instigating user.

  4. Reverse the search order in afterTriggerAddEvent().

Attachments

On Mon, 2024-11-04 at 11:22 -0500, Tom Lane wrote:
> The cfbot points out a minor problem [1]:
> 
>  create role groot;
> +WARNING:  roles created by regression test cases should have names starting with "regress_"
>  create role outis;
> +WARNING:  roles created by regression test cases should have names starting with "regress_"
>  create function whoami() returns trigger language plpgsql
> 
> (You can compile with -DENFORCE_REGRESSION_TEST_NAME_RESTRICTIONS
> to enable these warnings locally.)
> 
> 			regards, tom lane
> 
> [1] http://cfbot.cputube.org/highlights/all.html#4888

Thanks for the hint, the attached v4 patch fixes that problem.

Yours,
Laurenz Albe