Skip site navigation (1) Skip section navigation (2)

Re: Must be table owner to truncate?

From: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>
To: pgsql-general(at)postgresql(dot)org
Cc: Ragnar <gnari(at)hive(dot)is>, Kevin Hunter <hunteke(at)earlham(dot)edu>
Subject: Re: Must be table owner to truncate?
Date: 2008-07-30 15:14:52
Message-ID: 200807301114.53031.xzilla@users.sourceforge.net (view raw or flat)
Thread:
Lists: pgsql-general
On Wednesday 30 July 2008 08:52:26 Ragnar wrote:
> On miĆ°, 2008-07-30 at 07:36 -0400, Kevin Hunter wrote:
> > At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote:
> > > According to the documentation,
> > > http://www.postgresql.org/docs/current/interactive/sql-truncate.html ,
> > > only the owner can truncate a table. Which means the non-owner must
> > > either log in/ switch roles as the owner, or they can just run a
> > > DELETE.
> >
> > Well that's interesting.  From a security standpoint, what's the
> > difference between an unqualified DELETE and a TRUNCATE?
>
> lack of triggers and RULEs spring to mind.
>

Just fyi, there is a patch for 8.4 that will add truncate permissions. 

-- 
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL

In response to

pgsql-general by date

Next:From: RagnarDate: 2008-07-30 16:32:16
Subject: Re: Problem running script
Previous:From: Raymond O'DonnellDate: 2008-07-30 15:07:53
Subject: Re: Clone a database to other machine

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group