| From: | Nick Barr <nicky(at)chuckie(dot)co(dot)uk> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Truncate Permission |
| Date: | 2007-06-09 17:03:00 |
| Message-ID: | 466ADD44.9060009@chuckie.co.uk |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
I was looking to start development on the following TODO entry.
Add a separate TRUNCATE permission
Currently only the owner can TRUNCATE a table because triggers are not called, and the table is locked in exclusive mode.
Does anyone have any objections? Looks like there is a change freeze on
at the moment, so I assume my patch will not get reviewed until 8.4
starts development?
Now some functional questions...
1. I assume you want something like the following?
grant truncate on [table] bla to user;
revoke truncate on [table] bla from user;
Are there any other statements that need to be included?
2. When executing a truncate command, the owner permission check is
replaced by a truncate privilege check. Would you prefer both privileges
to be checked?
3. Can I reuse the old ACL_RULE bit position and display character?
src/include/nodes/parsenodes.h - 1<<4
src/include/utils/acl.h - character 'R'
Will this break dump/restores? I would have preferred to use 't' or 'T'
but these are both used.
4. Should the truncate permission be contained within the all
privileges? If a user does
grant all [privileges] on [table] bla to user;
revoke all [privileges] on [table] bla from user;
If everyone is too busy at the moment with the 8.3 release, let me know
and I will resubmit this stuff in a couple of months when things have
calmed down.
Ta
Nick
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Fetter | 2007-06-09 17:16:00 | Re: Command tags in create/drop scripts |
| Previous Message | Tom Lane | 2007-06-09 15:16:15 | Re: Tsearch vs Snowball, or what's a source file? |