On Mon, 2021-11-22 at 21:02 +0100, Laurenz Albe wrote:
> On Mon, 2021-11-22 at 19:54 +0100, Max Ziermann wrote:
> > On 22.11.21 at 16:41, Laurenz Albe wrote:
> > > On Mon, 2021-11-22 at 12:06 +0000, PG Doc comments form wrote:
> > > > "Note that the user performing the insert, update or delete on the view must
> > > > have the corresponding insert, update or delete privilege on the view. In
> > > > addition the view's owner must have the relevant privileges on the
> > > > underlying base relations, but the user performing the update does not need
> > > > any permissions on the underlying base relations (see Section 41.5)."
> > > >
> > > > Could it be made more clear that triggers on an underlying table of an
> > > > updatable view are still executed with the permissions of the user
> > > > performing an insert/update/delete on the view?
> > >
> > > But that is not the case: that trigger will be executed with the permissions
> > > of the owner of the underlying table.
> >
> > Maybe I am missing an obvious point, but I don't think that's the case.
> > SQL example:

After some more thinking and experimenting, I realize that was wrong.
The trigger will always execute with the permissions of the user running the query.

Only the permissions on the underlying tables are checked for the view owner;
the actual query is executed in the security context of the user that queries the view.

I don't think that requires special mention on the CREATE VIEW page, since it is
no different when views are not involved.

It might be worth mentioning on
https://www.postgresql.org/docs/current/trigger-definition.html
that triggers (unless the function is SECURITY DEFINER) are executed under the
security context of the user that runs the query, rather than under the
security context of the table owner.

Yours,
Laurenz Albe
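
The behaviour described in this message can be reproduced with the following script. It is an added example, not part of the original thread and not the SQL that Max Ziermann posted; the roles `owner_role` and `app_user`, the schema `demo` and all object names are hypothetical, and it assumes a superuser session in a scratch database.

```sql
-- Added example: role, schema and object names are hypothetical.
-- Run as a superuser in a scratch database (EXECUTE FUNCTION needs PostgreSQL 11+).
CREATE ROLE owner_role;
CREATE ROLE app_user;
CREATE SCHEMA demo AUTHORIZATION owner_role;
GRANT USAGE ON SCHEMA demo TO app_user;

SET ROLE owner_role;
CREATE TABLE demo.base  (id int);
CREATE TABLE demo.audit (id int, ran_as text);
CREATE VIEW demo.base_v AS SELECT id FROM demo.base;   -- auto-updatable view
GRANT INSERT ON demo.base_v TO app_user;               -- nothing granted on base or audit

-- Trigger function records which role it is running as.
CREATE FUNCTION demo.log_insert() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
    INSERT INTO demo.audit VALUES (NEW.id, current_user);
    RETURN NEW;
END $$;
CREATE TRIGGER base_log AFTER INSERT ON demo.base
    FOR EACH ROW EXECUTE FUNCTION demo.log_insert();
RESET ROLE;

SET ROLE app_user;
-- 1. Direct insert is refused: app_user has no privilege on demo.base.
INSERT INTO demo.base VALUES (1);
-- 2. Through the view, access to demo.base is checked against the view owner
--    and passes, but the trigger body runs as app_user, which has no INSERT
--    privilege on demo.audit, so the whole statement is rejected.
INSERT INTO demo.base_v VALUES (1);
RESET ROLE;

-- 3. SECURITY DEFINER makes the function run as its owner instead. The
--    search_path is pinned so the definer's rights cannot be redirected to
--    objects in a schema the caller controls.
SET ROLE owner_role;
ALTER FUNCTION demo.log_insert() SECURITY DEFINER SET search_path = demo, pg_temp;
RESET ROLE;

SET ROLE app_user;
INSERT INTO demo.base_v VALUES (2);   -- now accepted
RESET ROLE;

-- ran_as holds the role the trigger executed as: the function owner for id 2.
SELECT * FROM demo.audit;
```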