Re: Must be table owner to truncate?

Hello all,

I am trying to GRANT truncate permissions to a non-owner of table and it's
not allowing me to:

GRANT TRUNCATE ON stage01 TO jaime44;
ERROR: unrecognized privilege type "truncate"

How do I grant said permission?

Thanks...Michelle.

--
View this message in context: http://www.nabble.com/Must-be-table-owner-to-truncate--tp18697753p18697753.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.

smiley2211 <msramsey22(at)gmail(dot)com> writes:
> GRANT TRUNCATE ON stage01 TO jaime44;
> ERROR: unrecognized privilege type "truncate"

There is no such permission; where did you get the idea there was?

regards, tom lane

According to the documentation, http://www.postgresql.org/docs/current/interactive/sql-truncate.html
, only the owner can truncate a table. Which means the non-owner must either log in/ switch roles as
the owner, or they can just run a DELETE.
-Said

smiley2211 wrote:
>
> Hello all,
>
> I am trying to GRANT truncate permissions to a non-owner of table and it's
> not allowing me to:
>
> GRANT TRUNCATE ON stage01 TO jaime44;
> ERROR: unrecognized privilege type "truncate"
>
> How do I grant said permission?
>
> Thanks...Michelle.
>
> --
> View this message in context:
> http://www.nabble.com/Must-be-table-owner-to-truncate--tp18697753p18697753.html
> Sent from the PostgreSQL - general mailing list archive at Nabble.com.
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>

Unfortunately, I found the command via google...I later checked the
documentation...

http://www.postgresql.org/docs/8.1/static/sql-truncate.html

Thanks...Michelle

Tom Lane-2 wrote:
>
> smiley2211 <msramsey22(at)gmail(dot)com> writes:
>> GRANT TRUNCATE ON stage01 TO jaime44;
>> ERROR: unrecognized privilege type "truncate"
>
> There is no such permission; where did you get the idea there was?
>
> regards, tom lane
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>
>
>-(
--
View this message in context: http://www.nabble.com/Must-be-table-owner-to-truncate--tp18697753p18698506.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.

At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote:
> According to the documentation,
> http://www.postgresql.org/docs/current/interactive/sql-truncate.html ,
> only the owner can truncate a table. Which means the non-owner must
> either log in/ switch roles as the owner, or they can just run a DELETE.

Well that's interesting. From a security standpoint, what's the
difference between an unqualified DELETE and a TRUNCATE?

Also interesting to note that TRUNCATE is transaction safe, but not MVCC
safe. Good to know, good to know ...

Kevin

On mið, 2008-07-30 at 07:36 -0400, Kevin Hunter wrote:
> At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote:
> > According to the documentation,
> > http://www.postgresql.org/docs/current/interactive/sql-truncate.html ,
> > only the owner can truncate a table. Which means the non-owner must
> > either log in/ switch roles as the owner, or they can just run a DELETE.
>
> Well that's interesting. From a security standpoint, what's the
> difference between an unqualified DELETE and a TRUNCATE?

lack of triggers and RULEs spring to mind.

gnari

* Ragnar (gnari(at)hive(dot)is) wrote:
>
> On mið, 2008-07-30 at 07:36 -0400, Kevin Hunter wrote:
> > At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote:
> > > According to the documentation,
> > > http://www.postgresql.org/docs/current/interactive/sql-truncate.html ,
> > > only the owner can truncate a table. Which means the non-owner must
> > > either log in/ switch roles as the owner, or they can just run a DELETE.
> >
> > Well that's interesting. From a security standpoint, what's the
> > difference between an unqualified DELETE and a TRUNCATE?
>
> lack of triggers and RULEs spring to mind.

It also takes a bigger lock on the table than DELETE, which may or may
not be considered a security issue. triggers really are the big issue
wrt security and why it deserves to be a seperatelly grantable
permission from delete.

Thanks,

Stephen

On Wednesday 30 July 2008 08:52:26 Ragnar wrote:
> On mið, 2008-07-30 at 07:36 -0400, Kevin Hunter wrote:
> > At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote:
> > > According to the documentation,
> > > http://www.postgresql.org/docs/current/interactive/sql-truncate.html ,
> > > only the owner can truncate a table. Which means the non-owner must
> > > either log in/ switch roles as the owner, or they can just run a
> > > DELETE.
> >
> > Well that's interesting. From a security standpoint, what's the
> > difference between an unqualified DELETE and a TRUNCATE?
>
> lack of triggers and RULEs spring to mind.
>

Just fyi, there is a patch for 8.4 that will add truncate permissions.

--
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL