From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Simon Riggs <simon(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Truncate Triggers |
Date: | 2008-01-26 19:12:33 |
Message-ID: | 20080126191233.GW5031@tamriel.snowman.net |
Lists: | pgsql-hackers |

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> There are also some compatibility concerns involved. If we add
> grantable privileges for TRUNCATE and/or DDL operations, then GRANT ALL
> ON TABLE suddenly conveys a whole lot more privilege than it did before.
> This could lead to unpleasant surprises in security-sensitive
> operations. One could also put forward the argument that it's a direct
> violation of the SQL spec, which after all does specify exactly what
> privileges ALL is supposed to grant.

iirc, the suggestion was to exclude the non-SQL-spec things from 'GRANT
ALL' to avoid just that issue. Having to grant TRUNCATE and/or DDL
operation permissions explicitly would be reasonable. This might create
a disconnect with what 'revoke all' does, since that should really
remove all of the perms, but I feel that's reasonable. A 'Default
secure' approach.

Thanks,

Stephen