Re: Proper use of Groups and Users (Roles).

From: Melvin Davidson <melvin6925(at)gmail(dot)com>
To: Vincent Veyron <vv(dot)lists(at)wanadoo(dot)fr>
Cc: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: Proper use of Groups and Users (Roles).
Date: 2016-02-16 14:14:30
Message-ID: CANu8FixXQ+EsnS+fraGDEDUtTSxAT45Uj=yc=jR3bWAAg+OYrA@mail.gmail.com
Lists: pgsql-general

The problem is TRUNCATE is more of an administrative privilege. Also, it is
not captured in a DELETE trigger, so you have a security issue with that.
Also, REFERENCES & TRIGGER are schema changes which should never be done by
a normal user.

On Tue, Feb 16, 2016 at 5:39 AM, Vincent Veyron <vv(dot)lists(at)wanadoo(dot)fr> wrote:

> On Mon, 15 Feb 2016 12:06:28 -0500
> Melvin Davidson <melvin6925(at)gmail(dot)com> wrote:
>
> > I wrote a short article to explain the proper use of Groups and Users in
> the database.
>
> Hi Melvin,
>
> Thanks for the explanation, it makes things easy to understand.
>
> One question :
>
> > Although GRANT ALL, at first appears to simplify granting permissions,
> it is actually a very bad practice that is often misused. That is because
> doing so would also allow groups and ordinary users the following
> additional privileges: TRUNCATE, REFERENCES & TRIGGER.
>
> If a user has DELETE rights on a table, I don't see how granting him
> TRUNCATE makes that much of a difference? Same could be said of the other
> two, it's not like they are going to cause more damage than the previous
> rights.
>
> --
> Bien à vous, Vincent Veyron
>
> https://marica.fr/
> Gestion des contentieux, des dossiers de sinistres assurance et des
> contrats pour le service juridique
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>

--
*Melvin Davidson*
I reserve the right to fantasize. Whether or not you
wish to share my fantasy is entirely up to you.
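The difference between GRANT ALL and a DELETE grant that the two messages above argue about, as an added example that is not part of the thread. It is a PostgreSQL script (run in psql as a superuser on a scratch database); the role and table names (app_user, orders, orders_audit, wipe_audit) are made up for the demonstration, and it assumes the default grants of CREATE on schema public and USAGE on plpgsql to PUBLIC that the 2016-era releases ship with.

```sql
-- Added example, not from the thread. Run the whole file in psql as a
-- superuser on a scratch database. Roles, tables and functions here
-- (app_user, orders, orders_audit, wipe_audit) are invented for the demo.

CREATE ROLE app_user LOGIN;

CREATE TABLE orders (
    id       serial PRIMARY KEY,
    customer text NOT NULL,
    amount   numeric(10,2) NOT NULL
);

-- Audit log: ordinary roles get no direct grant on it at all.
CREATE TABLE orders_audit (
    audited_at timestamptz NOT NULL DEFAULT now(),
    deleted_by text        NOT NULL,
    order_id   integer     NOT NULL,
    customer   text,
    amount     numeric(10,2)
);

-- Row-level DELETE trigger: copies each deleted row into orders_audit.
-- SECURITY DEFINER so that app_user can fire it without a grant on the audit
-- table; search_path is pinned because the function runs as its owner.
CREATE FUNCTION orders_audit_delete() RETURNS trigger
    LANGUAGE plpgsql SECURITY DEFINER SET search_path = public AS $$
BEGIN
    INSERT INTO orders_audit (deleted_by, order_id, customer, amount)
    VALUES (current_user, OLD.id, OLD.customer, OLD.amount);
    RETURN OLD;
END;
$$;

CREATE TRIGGER orders_audit_delete
    AFTER DELETE ON orders FOR EACH ROW
    EXECUTE PROCEDURE orders_audit_delete();

INSERT INTO orders (customer, amount) VALUES ('alice', 10.00), ('bob', 20.00);

---------------------------------------------------------------------------
-- 1. GRANT ALL on a table is
--    SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER.
---------------------------------------------------------------------------
GRANT ALL ON orders TO app_user;

SET ROLE app_user;
DELETE FROM orders WHERE customer = 'alice';   -- fires the DELETE trigger
TRUNCATE orders;                               -- allowed; DELETE triggers do not fire
RESET ROLE;

-- Two rows are gone, but only one of them was audited.
SELECT count(*) AS audit_rows FROM orders_audit;   -- 1

-- TRIGGER privilege: app_user may attach its own trigger to the owner's table.
-- A trigger function that is not SECURITY DEFINER runs with the privileges of
-- whoever issues the triggering statement, so the owner's next DELETE will
-- execute app_user's code with the owner's rights.
SET ROLE app_user;
DELETE FROM orders_audit;                      -- ERROR: permission denied (direct tampering is blocked)
CREATE FUNCTION wipe_audit() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
    DELETE FROM orders_audit;                  -- app_user has no grant on this table
    RETURN OLD;
END;
$$;
-- Same event and timing as the audit trigger; sorts after it by name, so it runs last.
CREATE TRIGGER zz_wipe_audit AFTER DELETE ON orders FOR EACH ROW
    EXECUTE PROCEDURE wipe_audit();
RESET ROLE;

INSERT INTO orders (customer, amount) VALUES ('carol', 30.00);
DELETE FROM orders WHERE customer = 'carol';   -- issued by the owner
SELECT count(*) AS audit_rows FROM orders_audit;   -- 0: the audit trail is gone

---------------------------------------------------------------------------
-- 2. Least privilege: name the privileges the application role needs.
---------------------------------------------------------------------------
DROP TRIGGER zz_wipe_audit ON orders;
REVOKE ALL ON orders FROM app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON orders TO app_user;
GRANT USAGE, SELECT ON SEQUENCE orders_id_seq TO app_user;   -- INSERT needs nextval()

SET ROLE app_user;
TRUNCATE orders;                               -- ERROR: permission denied
CREATE TRIGGER t AFTER DELETE ON orders FOR EACH ROW
    EXECUTE PROCEDURE wipe_audit();            -- ERROR: permission denied
DELETE FROM orders;                            -- still allowed, and still audited
RESET ROLE;
```

Run outside a transaction so psql carries on past the statements that are meant to fail. A statement-level TRUNCATE trigger can be added to the owner's audit setup, but that only closes the first gap; the point of the second section is that the role can neither bypass the audit trigger nor attach code of its own to the table. The remaining privilege in the list, REFERENCES, lets the role create a foreign key in its own table that points at orders, after which rows it references can no longer be deleted or truncated by the owner without CASCADE.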
