Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sYozK-00EIkc-En
	for pgsql-general@arkaria.postgresql.org; Tue, 30 Jul 2024 15:42:10 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sYozJ-00BCPi-15
	for pgsql-general@arkaria.postgresql.org; Tue, 30 Jul 2024 15:42:09 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <david.g.johnston@gmail.com>)
	id 1sYozI-00BCPX-Lq
	for pgsql-general@lists.postgresql.org; Tue, 30 Jul 2024 15:42:08 +0000
Received: from mail-oo1-xc2f.google.com ([2607:f8b0:4864:20::c2f])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <david.g.johnston@gmail.com>)
	id 1sYozG-002HRW-0C
	for pgsql-general@lists.postgresql.org; Tue, 30 Jul 2024 15:42:08 +0000
Received: by mail-oo1-xc2f.google.com with SMTP id 006d021491bc7-5d5de0e47b9so1537105eaf.0
        for <pgsql-general@lists.postgresql.org>; Tue, 30 Jul 2024 08:42:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1722354124; x=1722958924; darn=lists.postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=jXsLk3jq+qmeVwICzZbH+yhHDHr80vH5pONyO+QfBno=;
        b=CO5IDyq3SdgjNeSZxiBg9b8AW+KCpr5E56sCb+7s0QMD1xzhkpcezWs7cVQ+ozRoQK
         D8rcMzabkFSxE9DAM9vWtgM1eK1wd6fYBc6Z7vXIjuhv34zLUe4q2MTrCvrKS7lo/sfk
         w/tL986h2BvhT2ojrzwZcNne6qagHO1mRXn0mqYQRfMtPm9rIhAF4q+6sWeUs9hwdGrl
         gskxAFvcGgkgSG+SKuhPhaBFUr3Gqnmg72rREDbgf4YcXzIgPJJT46ML+i9er2WM0r+5
         AiNxwMV5M3pHWOahL4FjnVYCsDhmB4nG66p7PjrQ80jyWh4dHgU8dMjYCDPmTVitFzs1
         UPOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1722354124; x=1722958924;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=jXsLk3jq+qmeVwICzZbH+yhHDHr80vH5pONyO+QfBno=;
        b=HblYH6WRA2k7+zE0SwfZO85koAnSyo3rR6yTKFKNVKR1FX/kzqN0oVYvRtKs2HBCSK
         clI7uh2bG2M8juSIIuTYRjxjO9Nt2/uXjM0Ty3og1phFFmXVeyCgQfZo2qE4zAQt5QVm
         aUutxSvoCgDdYp4rjPkC0oObUhxTWVybmsA5aNH2Sk8JC3zV4bJh7GSVfodjxsDZFUr+
         SlKwo06whyS25emQK2vMP60PKyfmbXYTTfOCurmpduy8JLWMkDVf///iCsMraCWv+1DF
         t/jyOq304IhzJD90ZY4z0qC8zL+Tldagoh6PmUv1Byeauq+W+WlP2QSaHhYIAspGfvVd
         AlFQ==
X-Gm-Message-State: AOJu0YwPEK65H/goTnX0F8GJ9nspUPk4lAv0Qr4lUb088Lhz5SrPZm/Q
	tYPIBVRU2Ywxom7tDRoTnPc1ifL1SBoPs2ZRtP+2N249Xtx+R9i29h8lRs1kEN09IiVPS/hs+GE
	dZVny3AZswXEZX8vPwnZ2HBNsFUk=
X-Google-Smtp-Source: AGHT+IFi1xp21HwCCBThfAD0y0OiH6SMU4we8Iw1mVJUE+9BamVA2kwsIxkGxhWRXOX1q8TUWAGsq026nycuRjh09IE=
X-Received: by 2002:a05:6820:555:b0:5d5:d718:1b6c with SMTP id
 006d021491bc7-5d5d718230emr12142102eaf.3.1722354123918; Tue, 30 Jul 2024
 08:42:03 -0700 (PDT)
MIME-Version: 1.0
References: <CAD=mzVU0rx4A0onfC4jHxZ7XreZrk9DNa9pFoGDOjPD1ZhfHgw@mail.gmail.com>
In-Reply-To: <CAD=mzVU0rx4A0onfC4jHxZ7XreZrk9DNa9pFoGDOjPD1ZhfHgw@mail.gmail.com>
From: "David G. Johnston" <david.g.johnston@gmail.com>
Date: Tue, 30 Jul 2024 08:41:26 -0700
Message-ID: <CAKFQuwZ1tfj-ycQR1tx=Qp9zO4O7gUj-wrJZKYX3hUtvFrB96g@mail.gmail.com>
Subject: Re: Trigger usecase
To: sud <suds1434@gmail.com>
Cc: pgsql-general <pgsql-general@lists.postgresql.org>
Content-Type: multipart/alternative; boundary="000000000000bbd3bb061e78d1f7"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAKFQuwZ1tfj-ycQR1tx%3DQp9zO4O7gUj-wrJZKYX3hUtvFrB96g%40mail.gmail.com>
Precedence: bulk

--000000000000bbd3bb061e78d1f7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, Jul 30, 2024 at 8:16=E2=80=AFAM sud <suds1434@gmail.com> wrote:

>
> I understand, technically its possible bith the way, but want to
> understand experts opinion on this and pros ans cons?
>
>
Have client code call a function that performs the relevant work directly
instead of having a trigger perform similar work.

Probably should just remove insert/update/delete permissions from most
users on that table as well, make the function owned by the table owner and
with security definer so it is allowed to perform the needed work.  But the
normal application user is unable to bypass using said function to perform
DML on the table.

David J.

--000000000000bbd3bb061e78d1f7
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div class=3D"gmail_default" style=3D"fon=
t-family:arial,helvetica,sans-serif"><span style=3D"font-family:Arial,Helve=
tica,sans-serif">On Tue, Jul 30, 2024 at 8:16=E2=80=AFAM sud &lt;<a href=3D=
"mailto:suds1434@gmail.com">suds1434@gmail.com</a>&gt; wrote:</span><br></d=
iv></div><div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=
=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding=
-left:1ex"><div dir=3D"auto"><div dir=3D"auto"><br></div><div dir=3D"auto">=
I understand, technically its possible bith the way, but want to understand=
 experts opinion on this and pros ans cons?</div><div dir=3D"auto"><br></di=
v></div></blockquote><div><br></div><div class=3D"gmail_default" style=3D"f=
ont-family:arial,helvetica,sans-serif">Have client=C2=A0code call a functio=
n that performs the relevant work directly instead of having a trigger perf=
orm similar work.</div><div class=3D"gmail_default" style=3D"font-family:ar=
ial,helvetica,sans-serif"><br></div><div class=3D"gmail_default" style=3D"f=
ont-family:arial,helvetica,sans-serif">Probably should just remove insert/u=
pdate/delete permissions from most users on that table as well, make the fu=
nction owned by the table owner and with security definer so it is allowed =
to perform the needed work.=C2=A0 But the normal application user is unable=
 to bypass using said function to perform DML on the table.</div><div class=
=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif"><br></d=
iv><div class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-s=
erif">David J.</div><div class=3D"gmail_default" style=3D"font-family:arial=
,helvetica,sans-serif"><br></div></div></div>

--000000000000bbd3bb061e78d1f7--