summaryrefslogtreecommitdiff
path: root/src/pl/plpython/sql/plpython_trigger.sql
diff options
context:
space:
mode:
authorRobert Haas <rhaas@postgresql.org>2023-04-04 12:03:03 -0400
committerRobert Haas <rhaas@postgresql.org>2023-04-04 12:03:03 -0400
commit482675987bcdffb390ae735cfd5f34b485ae97c6 (patch)
tree889d1ea562d20bf291620e8df982d09f1852aa64 /src/pl/plpython/sql/plpython_trigger.sql
parent1e10d49b65d6c26c61fee07999e4cd59eab2b765 (diff)
Add a run_as_owner option to subscriptions.
This option is normally false, but can be set to true to obtain the legacy behavior where the subscription runs with the permissions of the subscription owner rather than the permissions of the table owner. The advantages of this mode are (1) it doesn't require that the subscription owner have permission to SET ROLE to each table owner and (2) since no role switching occurs, the SECURITY_RESTRICTED_OPERATION restrictions do not apply. On the downside, it allows any table owner to easily usurp the privileges of the subscription owner - basically, to take over their account. Because that's generally quite undesirable, we don't make this mode the default, but we do make it available, just in case the new behavior causes too many problems for someone. Discussion: http://postgr.es/m/CA+TgmoZ-WEeG6Z14AfH7KhmpX2eFh+tZ0z+vf0=eMDdbda269g@mail.gmail.com
Diffstat (limited to 'src/pl/plpython/sql/plpython_trigger.sql')
0 files changed, 0 insertions, 0 deletions