Re: Must be owner to truncate?

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Andreas Seltenreich <andreas+pg(at)gate450(dot)dyndns(dot)org>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, "Jim C(dot) Nasby" <decibel(at)decibel(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Postgres Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Must be owner to truncate?
Date: 2005-08-24 12:44:29
Message-ID: 20050824124429.GL6026@ns.snowman.net
Lists: pgsql-hackers

* Andreas Seltenreich (andreas+pg(at)gate450(dot)dyndns(dot)org) wrote:
> Bruce Momjian wrote:
> > Added to TODO:
> >
> > * Add TRUNCATE permission
> >
> > Currently only the owner can TRUNCATE a table because triggers are not
> > called, and the table is locked in exclusive mode.
>
> Is anyone working on this yet? I looked at the code involved, and it
> seems there are just a couple of lines needed, some regression test
> and documentation updates, and most importantly, tab-completion
> updates.

I'm not working on it, though I agree that it really shouldn't be very
difficult to add. I'd certainly like to see it done. While you're in
there I'd really like to see analyze and vacuum as grantable permissions
too...

Of course, eliminating the need for them would be even better... :)

> However, a question arose quickly: According to the standard, revoking
> INSERT, UPDATE and DELETE after GRANT ALL PRIVILEGES would leave the
> relation read-only, but with the TRUNCATE privilege lying around, this
> would no longer be true for PostgreSQL. Would this open a security
> hole or is it okay as far as extensions to the standard go?

Hrm, I'm not really sure about this one. I could see linking TRUNCATE
with DELETE (ie: you must have both DELETE and TRUNCATE permissions on a
table to TRUNCATE it, ala SELECT/UPDATE), or perhaps excluding TRUNCATE
from GRANT ALL PRIVILEGES.

Thanks,

Stephen
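
The privilege sequence raised in the quoted question, written out as an added SQL example; it is not part of the original message or of any patch from the thread. It assumes a later PostgreSQL release in which TRUNCATE is a grantable table privilege included in ALL PRIVILEGES, and the role `app_reader` and table `audit_demo` are constructed names.

```sql
-- Added example. Constructed names: role app_reader, table audit_demo.
-- Assumption: a PostgreSQL release with a separate TRUNCATE table privilege
-- that is part of ALL PRIVILEGES. Run as a role allowed to create roles.
BEGIN;

CREATE ROLE app_reader NOLOGIN;
CREATE TABLE audit_demo (id int PRIMARY KEY, note text);
INSERT INTO audit_demo VALUES (1, 'row that is meant to be read-only');

-- The sequence from the question: grant everything, then revoke the three
-- standard write privileges, expecting a read-only relation.
GRANT ALL PRIVILEGES ON audit_demo TO app_reader;
REVOKE INSERT, UPDATE, DELETE ON audit_demo FROM app_reader;

-- What the role still holds. TRUNCATE came in with ALL PRIVILEGES and is
-- not named in the REVOKE above, so it has to be checked separately.
SELECT has_table_privilege('app_reader', 'audit_demo', 'SELECT')   AS can_select,
       has_table_privilege('app_reader', 'audit_demo', 'DELETE')   AS can_delete,
       has_table_privilege('app_reader', 'audit_demo', 'TRUNCATE') AS can_truncate;

-- Audit query for an existing database: non-owner, non-superuser roles that
-- can TRUNCATE a user table without holding DELETE on it.
SELECT c.oid::regclass AS table_name,
       r.rolname       AS role_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN pg_roles r
WHERE c.relkind IN ('r', 'p')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND r.oid <> c.relowner
  AND NOT r.rolsuper
  AND has_table_privilege(r.oid, c.oid, 'TRUNCATE')
  AND NOT has_table_privilege(r.oid, c.oid, 'DELETE')
ORDER BY 1, 2;

-- Closing the gap for the demo role: revoke TRUNCATE explicitly.
REVOKE TRUNCATE ON audit_demo FROM app_reader;

-- Leave nothing behind: the role, table and grants are all rolled back.
ROLLBACK;
```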
