From: | Nick Barr <nicky(at)chuckie(dot)co(dot)uk> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Truncate Permission |
Date: | 2007-06-09 17:03:00 |
Message-ID: | 466ADD44.9060009@chuckie.co.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi,
I was looking to start development on the following TODO entry.
Add a separate TRUNCATE permission
Currently only the owner can TRUNCATE a table because triggers are not called, and the table is locked in exclusive mode.
Does anyone have any objections? Looks like there is a change freeze on
at the moment, so I assume my patch will not get reviewed until 8.4
starts development?
Now some functional questions...
1. I assume you want something like the following?
grant truncate on [table] bla to user;
revoke truncate on [table] bla from user;
Are there any other statements that need to be included?
2. When executing a truncate command, the owner permission check is
replaced by a truncate privilege check. Would you prefer both privileges
to be checked?
3. Can I reuse the old ACL_RULE bit position and display character?
src/include/nodes/parsenodes.h - 1<<4
src/include/utils/acl.h - character 'R'
Will this break dump/restores? I would have preferred to use 't' or 'T'
but these are both used.
4. Should the truncate permission be contained within the all
privileges? If a user does
grant all [privileges] on [table] bla to user;
revoke all [privileges] on [table] bla from user;
If everyone is too busy at the moment with the 8.3 release, let me know
and I will resubmit this stuff in a couple of months when things have
calmed down.
Ta
Nick
From | Date | Subject | |
---|---|---|---|
Next Message | David Fetter | 2007-06-09 17:16:00 | Re: Command tags in create/drop scripts |
Previous Message | Tom Lane | 2007-06-09 15:16:15 | Re: Tsearch vs Snowball, or what's a source file? |