What are the privileges required to execute a trigger function in PostgreSQL 8.4?
It seems that the privileges set to a role does not matter to execute a trigger function. I think I have seen some day that the privileges required to execute a trigger function is the EXECUTE privilege but for the owner of the table, not the actual role that performs the action which fires the trigger that calls the trigger function.
I cannot find the documentation part that explains that point, any help?
Best Answer
Trigger functions behave just like other functions as far as privileges are concerned. With a minor exception:
UPDATE After feedback in the comments I did some research. There is an open TODO item in the Postgres Wiki:
Linked to this thread on Postgres hackers. Currently,
EXECUTEprivileges on a trigger function are only checked at trigger create time, but not at runtime. So revoking EXECUTE on the trigger function has no effect on a trigger once created. Your observation seems to be correct.This does not grant any additional privileges to manipulate objects. If the calling role lacks privileges needed to execute (parts of) the function body, the usual exception is raised. To pave the way, you could make a privileged user
OWNERof the function and use theclause, as documented in the manual here. It causes the function to be run with the permissions of the owner instead of the invoker (default).
If the owner is a superuser, you need to be extra careful who you grant the
EXECUTEprivilege and what the function can do to avoid abuse. You may want toto begin with and use
SET search_pathfor the function.Be sure to read the chapter on Writing
SECURITY DEFINERFunctions Safely.Find a code example in this related answer on SO.