Message-ID: <40558bdd-d641-feac-84fe-65b3e87ec085@cloud.gatewaynet.com>
Date: Tue, 10 Sep 2024 12:20:25 +0300
Subject: Re: Strange permission effect depending on DEFERRABILITY
To: Laurenz Albe, "pgsql-general@lists.postgresql.org"
References: <89e33a53-909c-6a02-bfc6-2578ba974e16@cloud.gatewaynet.com>
From: Achilleas Mantzios - cloud

On 9/10/24 00:09, Laurenz Albe wrote:
> On Mon, 2024-09-09 at 16:14 +0300, Achilleas Mantzios - cloud wrote:
>> The below runs on PostgreSQL 16.4
>>
>> We are trying to implement a certain operation based on a security definer
>> function: mariner_update_availability_date
>>
>> This is supposed to update a table: mariner, which has several other triggers:
>>
>> [...]
>>   zzzmariner_dmq_tg AFTER INSERT OR DELETE OR UPDATE ON mariner DEFERRABLE INITIALLY DEFERRED FOR EACH ROW EXECUTE FUNCTION export_dmq()
>>
>> As you noticed, the last trigger is a CONSTRAINT DEFERRABLE trigger.
>> This function mariner_update_availability_date is supposed to be run by a user:
>> cbt_results_import, stripped of any privileges to the rest of the system. Here is
>> what we get: when we SET the constraint of the last trigger to IMMEDIATE, the
>> function runs on behalf of its owner (postgres), who has all needed privileges
>> (as superuser) to run the update on the mariner table and also run the triggers.
>> However, when we run with this CONSTRAINT as DEFERRED, then it seems to NOT run
>> the last deferrable trigger as postgres.
> I have proposed a patch that fixes exactly that case:
> https://commitfest.postgresql.org/49/4888/
>
> So far, the feedback seems to be that it is not considered a bug.
> But that doesn't mean that we cannot change the behavior.

Nice work! However, I am not sure. What's a "trigger owner", btw, in the thread
https://www.postgresql.org/message-id/flat/77b89e609f21380785865542609fbc14010021c8.camel%40cybertec.at#3d6e4f8fc8872e37f37a75d5e0082e0b
? Do they mean the table owner? Is the trigger creator / owner stored somewhere?
I don't see it in system tables or the schema dump. Or do they imply the trigger
function owner?

Maybe control the security context of the queued and later executed trigger
invocations via a new special GUC, such as:

trigger_security_ctx = current_user (default) | table/trigger_owner | execution_triggered_user

(in every case a SECURITY DEFINER function would override the above setting)

Just my 2 cents.

> Yours,
> Laurenz Albe
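Added example, not code from the thread or from the PostgreSQL project: a self-contained script that reproduces the effect the thread is about, namely that a DEFERRABLE INITIALLY DEFERRED constraint trigger queued from inside a SECURITY DEFINER function is executed at COMMIT in the caller's security context, not the function owner's. The names are hypothetical stand-ins for the ones above (app_user for the locked-down caller, mariner_demo for the table, mariner_set_date for the SECURITY DEFINER wrapper, log_who_fired and zzz_log_tg for the trigger and its function, trigger_log for a table that records which role the trigger actually ran as). Run it as a superuser in a scratch database on PostgreSQL 16.

```sql
-- Added example, not code from the thread. All names are hypothetical.
-- Run as a superuser in a scratch database (PostgreSQL 16).

CREATE ROLE app_user LOGIN;            -- the "stripped of privileges" caller

CREATE TABLE mariner_demo (
    id                int PRIMARY KEY,
    availability_date date
);
INSERT INTO mariner_demo VALUES (1, DATE '2024-01-01');

-- Where the trigger records the role it actually ran as.
-- Identity column: app_user needs no separate privilege on the sequence.
CREATE TABLE trigger_log (
    id        int GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    new_date  date,
    trig_user text,   -- current_user as seen inside the trigger function
    sess_user text
);

-- Ordinary (NOT security definer) trigger function, like export_dmq() above:
-- it runs in whatever security context is current when the event executes.
CREATE FUNCTION log_who_fired() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    INSERT INTO trigger_log (new_date, trig_user, sess_user)
    VALUES (NEW.availability_date, current_user, session_user);
    RETURN NULL;   -- return value is ignored for AFTER triggers
END;
$$;

CREATE CONSTRAINT TRIGGER zzz_log_tg
    AFTER UPDATE ON mariner_demo
    DEFERRABLE INITIALLY DEFERRED
    FOR EACH ROW EXECUTE FUNCTION log_who_fired();

-- SECURITY DEFINER wrapper owned by the superuser running this script.
-- search_path is pinned so the caller cannot hijack unqualified names.
CREATE FUNCTION mariner_set_date(p_id int, p_date date) RETURNS void
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, public AS $$
BEGIN
    UPDATE mariner_demo SET availability_date = p_date WHERE id = p_id;
END;
$$;

-- Lock down: app_user may only call the wrapper and write the log table.
-- (Tables grant nothing to PUBLIC by default; functions grant EXECUTE, which
-- log_who_fired() relies on when it is executed as app_user at COMMIT.)
REVOKE ALL ON FUNCTION mariner_set_date(int, date) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION mariner_set_date(int, date) TO app_user;
GRANT INSERT ON trigger_log TO app_user;   -- remove this line to see the failure

SET ROLE app_user;

-- Case 1: trigger made IMMEDIATE, so it fires at the end of the UPDATE inside
-- the SECURITY DEFINER call, while current_user is still the function owner.
BEGIN;
SET CONSTRAINTS zzz_log_tg IMMEDIATE;
SELECT mariner_set_date(1, DATE '2024-02-01');
COMMIT;

-- Case 2: trigger left DEFERRED. The event is queued and only executed at
-- COMMIT, after mariner_set_date() has returned and the security context has
-- reverted to app_user.
BEGIN;
SELECT mariner_set_date(1, DATE '2024-03-01');
COMMIT;

RESET ROLE;

SELECT new_date, trig_user, sess_user FROM trigger_log ORDER BY id;
```

The final SELECT returns one row per case: for new_date 2024-02-01 (IMMEDIATE) trig_user is the owner of mariner_set_date, and for 2024-03-01 (DEFERRED) it is app_user, which is the behaviour the original message reports. Remove the GRANT INSERT on trigger_log and the second COMMIT fails with "permission denied for table trigger_log" while the first still succeeds; that is the practical consequence for a caller that has no privileges of its own, and the case Laurenz's commitfest patch linked above is meant to address.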