| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Marcelo Fernandes <marcefern7(at)gmail(dot)com> |
| Cc: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, Dominique Devienne <ddevienne(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Why does TRUNCATE require a special privilege? |
| Date: | 2026-01-16 23:14:40 |
| Message-ID: | 1725374.1768605280@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Marcelo Fernandes <marcefern7(at)gmail(dot)com> writes:
> But from a roles/privilege framework perspective, why would you want to give
> certain users the DELETE privilege whereas others you want to give them
> only the TRUNCATE privilege?
> Are we saying to a user that "You need a different level of privilege because
> you are about to cause a MVCC-unsafe operation?".
Personally I think that's a plenty good enough reason ;-).
The very different locking level is another good reason.
TRUNCATE will block all other activity on the table, while
DELETE doesn't.
However, looking at our git history, it appears that TRUNCATE was
originally only permitted to the table owner. The separate permission
bit was added (years later) so that the owner could grant out the
ability to others, without doing anything as non-backwards-compatible
as reinterpreting what operations a DELETE grant allows.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Eric Ridge | 2026-01-17 16:18:28 | Re: Fwd: pg18 bug? SELECT query doesn't work |
| Previous Message | Adrian Klaver | 2026-01-16 22:11:55 | Re: Why does TRUNCATE require a special privilege? |