| From: | "Claudio Rossi" <wind(dot)claudio(at)inwind(dot)it> |
|---|---|
| To: | "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Cc: | "wind\(dot)claudio" <wind(dot)claudio(at)inwind(dot)it> |
| Subject: | Re: Truncate Triggers |
| Date: | 2008-02-11 17:39:32 |
| Message-ID: | JW351W$2A31CA7C2F328F315177AF48D8EB31F0@libero.it |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> There are also some compatibility concerns involved. If we add
> grantable privileges for TRUNCATE and/or DDL operations, then GRANT ALL
> ON TABLE suddenly conveys a whole lot more privilege than it did before.
> This could lead to unpleasant surprises in security-sensitive
> operations. One could also put forward the argument that it's a direct
> violation of the SQL spec, which after all does specify exactly what
> privileges ALL is supposed to grant.
>
> regards, tom lane
What about separating privileges: "system privileges" for ddl statements and "object privileges" for dml statements in an "Oracle-like" way? Then you could implement TRUNCATE privileges like they do (roles must have DROP ANY TABLE system privileges). Is or was there a discussion over this hypothesis?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2008-02-11 17:42:46 | Re: pg_dump additional options for performance |
| Previous Message | Simon Riggs | 2008-02-11 17:30:13 | Re: pg_dump additional options for performance |