diff options
| -rw-r--r-- | doc/src/sgml/ref/create_trigger.sgml | 3 | ||||
| -rw-r--r-- | src/backend/commands/trigger.c | 4 |
2 files changed, 6 insertions, 1 deletions
diff --git a/doc/src/sgml/ref/create_trigger.sgml b/doc/src/sgml/ref/create_trigger.sgml index 8d7574319f9..ecb1f56cbfe 100644 --- a/doc/src/sgml/ref/create_trigger.sgml +++ b/doc/src/sgml/ref/create_trigger.sgml @@ -183,7 +183,8 @@ CREATE TRIGGER <replaceable class="PARAMETER">name</replaceable> { BEFORE | AFTE <para> To create a trigger on a table, the user must have the - <literal>TRIGGER</literal> privilege on the table. + <literal>TRIGGER</literal> privilege on the table. The user must + also have <literal>EXECUTE</literal> privilege on the trigger function. </para> <para> diff --git a/src/backend/commands/trigger.c b/src/backend/commands/trigger.c index e3c771a933f..cadca5c01b0 100644 --- a/src/backend/commands/trigger.c +++ b/src/backend/commands/trigger.c @@ -161,6 +161,10 @@ CreateTrigger(CreateTrigStmt *stmt, Oid constraintOid, bool checkPermissions) * Find and validate the trigger function. */ funcoid = LookupFuncName(stmt->funcname, 0, fargtypes, false); + aclresult = pg_proc_aclcheck(funcoid, GetUserId(), ACL_EXECUTE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_PROC, + NameListToString(stmt->funcname)); funcrettype = get_func_rettype(funcoid); if (funcrettype != TRIGGEROID) { |