Re: Must be table owner to truncate?

From: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>
To: pgsql-general(at)postgresql(dot)org
Cc: Ragnar <gnari(at)hive(dot)is>, Kevin Hunter <hunteke(at)earlham(dot)edu>
Subject: Re: Must be table owner to truncate?
Date: 2008-07-30 15:14:52
Message-ID: 200807301114.53031.xzilla@users.sourceforge.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Wednesday 30 July 2008 08:52:26 Ragnar wrote:
> On mið, 2008-07-30 at 07:36 -0400, Kevin Hunter wrote:
> > At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote:
> > > According to the documentation,
> > > http://www.postgresql.org/docs/current/interactive/sql-truncate.html ,
> > > only the owner can truncate a table. Which means the non-owner must
> > > either log in/ switch roles as the owner, or they can just run a
> > > DELETE.
> >
> > Well that's interesting. From a security standpoint, what's the
> > difference between an unqualified DELETE and a TRUNCATE?
>
> lack of triggers and RULEs spring to mind.
>

Just fyi, there is a patch for 8.4 that will add truncate permissions.

--
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Ragnar 2008-07-30 16:32:16 Re: Problem running script
Previous Message Raymond O'Donnell 2008-07-30 15:07:53 Re: Clone a database to other machine