| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Thomas Hallgren <thhal(at)mailblocks(dot)com>, PostgreSQL Novice <pgsql-novice(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [NOVICE] Question on TRUNCATE privleges |
| Date: | 2005-02-24 22:15:42 |
| Message-ID: | 27861.1109283342@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-novice |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Uh, that seems like it adds extra complexity just for this single case.
Yeah. I've dropped the idea personally -- the suggestion that the table
owner can provide a SECURITY DEFINER procedure to do the TRUNCATE if he
wants to allow others to do it seems to me to cover the problem.
> Why don't we allow TRUNCATE by non-owners only if no triggers are
> defined, and if they are defined, we throw an error and mention it is
> because triggers/contraints exist?
I don't think we should put weird special cases in the rights checking
to allow this -- that's usually a recipe for introducing unintended
security holes.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2005-02-24 22:17:59 | Re: Some download statistics |
| Previous Message | Bruce Momjian | 2005-02-24 22:10:50 | Re: [NOVICE] Question on TRUNCATE privleges |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2005-02-24 22:21:29 | Re: [NOVICE] Question on TRUNCATE privleges |
| Previous Message | Bruce Momjian | 2005-02-24 22:10:50 | Re: [NOVICE] Question on TRUNCATE privleges |