Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rySzY-00GQNl-Ki for pgsql-general@arkaria.postgresql.org; Sun, 21 Apr 2024 08:56:08 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1rySzV-00DmH5-5U for pgsql-general@arkaria.postgresql.org; Sun, 21 Apr 2024 08:56:05 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rySzU-00DmGx-Qx for pgsql-general@lists.postgresql.org; Sun, 21 Apr 2024 08:56:04 +0000 Received: from mail-qv1-xf2d.google.com ([2607:f8b0:4864:20::f2d]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1rySzO-0026kV-97 for pgsql-general@lists.postgresql.org; Sun, 21 Apr 2024 08:56:04 +0000 Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-69b137d09e3so21761256d6.1 for ; Sun, 21 Apr 2024 01:55:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713689756; x=1714294556; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=J3d5dM5uwPJCkoXJWXI4xcaHSlgKNNnpLgsuq0GG+CQ=; b=Pv/L3bHbKvUGYQb6HZ3+x691Jk8tyW2HeY5VS/AcEssgUTL6hXnSkrDksHSFPVrLo3 +TwUnYhsT0gRmwwTpC4oT/n4U4Cbio80xuq1uZe6U5Zqd5lhYoamjLm/yJQem7gjB7+R p01NTW6+yg+MQZXZlhtNqMhg2qJKiEJYcynutA1+zxMGzbQXbk3POc/67LAjoF9IpB+j 4dsQy5A6L/lH4ollTngamXsy8ikGNlfKNBRSsdvL/+6auQG/fRtrXtyweOnrnrMAUEa5 +YHJMkRzGnjIN24TNkvVVM15jsmzoYJU5gqR66i1q8dCUFvktmDeHh+SGorirGF8V9sg mQbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713689756; x=1714294556; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=J3d5dM5uwPJCkoXJWXI4xcaHSlgKNNnpLgsuq0GG+CQ=; b=q/irqkOmW+IuTZsPedUFG5gs2sxzE7HHyeSP+uLUuoNV1RZaFz6DUTw0xEy00c9Otj wMcTW6LaAz+xC9YcfhnLGS8FtU9OfY3+jnYCA64Vm5RfncQZOB1L1GPEVw3nvjABcW/1 4W3BKhBd7f56rgZBRYkkDbOcEsW+14OOe/cRLYTfZTSzTVynMblkg3k4BEAGDmYciEPv 18MmOq+6BpyhAQBtkTpp0YZMDcngozw9UOEE5EUdE4lbmPYmSOZgIRz0VP0pnHwEiaoi 5YkfA346D5nZbR18HAHoNojibPYmY1xySnDNLsblz3eeAQkxzte29n/iXI5ii/f+RH7r 2lTA== X-Gm-Message-State: AOJu0YxtiAtZWMCyWeGU8Gqd3wEJPC3/X04MNZxYes4Z5vy7Cd5pg0Cv hlAHemYrk8YdwhjZ04VeD4UpWtIabBSJ4GvOTfXKjYRZVI/YrzTAsZ7gDmg+0yyclbQeMJTHr1/ 6/IPzHkNMMYFoHFhG50pFFGg2zlE= X-Google-Smtp-Source: AGHT+IG5ipiofY1n/7lT5Tq8jXiwvq1p4RtxnO15NRB1o9Cnl6Hn73VWGvrSaXMH0PZqUHnBbRJbabZB3yply0EhHf4= X-Received: by 2002:ad4:42d0:0:b0:69b:64d4:4b11 with SMTP id f16-20020ad442d0000000b0069b64d44b11mr7979482qvr.22.1713689756206; Sun, 21 Apr 2024 01:55:56 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: yudhi s Date: Sun, 21 Apr 2024 14:25:44 +0530 Message-ID: Subject: Re: error in trigger creation To: "David G. Johnston" Cc: pgsql-general Content-Type: multipart/alternative; boundary="0000000000002c90650616977d43" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --0000000000002c90650616977d43 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, Apr 21, 2024 at 1:55=E2=80=AFPM David G. Johnston < david.g.johnston@gmail.com> wrote: > On Sunday, April 21, 2024, yudhi s wrote: > >> so that it will be able to assign the privilege, so we will be able to >> create the event trigger without need to run the event trigger script fr= om >> super user itself? >> > > Write a security-definer function owned by superuser and grant app_user > permission to execute it. > > David J. > > Thank You David. Are you saying something like below, in which we first create the function from super user and then execute the grant? But doesn't that mean, each time we want to create a new event trigger we have to be again dependent on the "super user" to modify the security definer function? CREATE OR REPLACE FUNCTION create_event_trigger_func() RETURNS void LANGUAGE plpgsql SECURITY DEFINER AS $$ BEGIN EXECUTE 'CREATE EVENT TRIGGER event_trigger_name ON schema_name ...'; END; $$; GRANT EXECUTE ON FUNCTION create_event_trigger_func() TO app_user; --0000000000002c90650616977d43 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Sun, Apr 21, 2024 at 1:55=E2=80=AFPM D= avid G. Johnston <david.g.= johnston@gmail.com> wrote:
On Sunday, April 21, 2024, yud= hi s <l= earnerdatabase99@gmail.com> wrote:
so that it will be able to assign the = privilege, so we will be able to create the event trigger without need to r= un the event trigger script from super user itself?
=
Write a security-definer function owned by superuser and gra= nt app_user permission to execute it.

David J.
=C2=A0

Thank You David.
<= div>
=C2=A0Are you saying something like below, in which we first = create the function from super user and then execute the grant? But doesn&#= 39;t that mean, each time we want to create a new event trigger we have to = be again dependent on the "super user" to modify the security def= iner function?

CREATE OR REPLACE= FUNCTION create_event_trigger_func()
=C2=A0 RETURNS void
=C2=A0 LANG= UAGE plpgsql
=C2=A0 SECURITY DEFINER
=C2=A0 AS $$
=C2=A0 BEGIN
= =C2=A0 =C2=A0 EXECUTE 'CREATE EVENT TRIGGER event_trigger_name ON schem= a_name ...';=C2=A0
=C2=A0 END;
$$;

GRANT EXECUTE ON FUNCTION create_event_trigger_func()= TO app_user;=C2=A0
--0000000000002c90650616977d43--