Re: [NOVICE] Question on TRUNCATE privleges

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Thomas Hallgren <thhal(at)mailblocks(dot)com>, PostgreSQL Novice <pgsql-novice(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [NOVICE] Question on TRUNCATE privleges
Date: 2005-02-24 22:15:42
Message-ID: 27861.1109283342@sss.pgh.pa.us
Lists: pgsql-hackers pgsql-novice

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Uh, that seems like it adds extra complexity just for this single case.

Yeah. I've dropped the idea personally -- the suggestion that the table
owner can provide a SECURITY DEFINER procedure to do the TRUNCATE if he
wants to allow others to do it seems to me to cover the problem.

> Why don't we allow TRUNCATE by non-owners only if no triggers are
> defined, and if they are defined, we throw an error and mention it is
> because triggers/constraints exist?

I don't think we should put weird special cases in the rights checking
to allow this -- that's usually a recipe for introducing unintended
security holes.

regards, tom lane
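
The SECURITY DEFINER approach mentioned in the message above, as an added example that is not part of the original email or of PostgreSQL's own code. The table `app.staging_events`, its owner role `app_owner`, and the unprivileged role `etl_loader` are constructed names, and the example assumes a PostgreSQL release that accepts a `SET` clause on function definitions.

```sql
-- Run as app_owner, the owner of app.staging_events (constructed names).
-- Creating the function and fixing its ACL in one transaction means other
-- sessions never see it with the default EXECUTE grant to PUBLIC.
BEGIN;

CREATE FUNCTION app.truncate_staging_events()
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER                        -- body runs with the owner's rights
SET search_path = pg_catalog, pg_temp   -- caller-controlled schemas cannot shadow names
AS $$
BEGIN
    -- The target is hard-coded and schema-qualified. The function takes no
    -- arguments and builds no dynamic SQL, so a caller cannot redirect the
    -- owner's rights to any other table.
    TRUNCATE TABLE app.staging_events;
END;
$$;

-- New functions are executable by PUBLIC by default; remove that, then
-- grant EXECUTE only to the role that needs it.
REVOKE ALL ON FUNCTION app.truncate_staging_events() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.truncate_staging_events() TO etl_loader;

-- The caller needs USAGE on the schema to resolve the function name,
-- but no privileges on the table itself.
GRANT USAGE ON SCHEMA app TO etl_loader;

COMMIT;

-- Review what was created: prosecdef should be true, proconfig should show
-- the pinned search_path, and proacl should list only app_owner and etl_loader.
SELECT proname, prosecdef, proconfig, proacl
FROM pg_proc
WHERE oid = 'app.truncate_staging_events()'::regprocedure;

-- As etl_loader, the delegated path works:
--   SELECT app.truncate_staging_events();
-- while a direct TRUNCATE TABLE app.staging_events; is still rejected,
-- because etl_loader holds no rights on the table.
```

The rights check for TRUNCATE itself stays unchanged; the owner decides who may empty the table by granting or revoking EXECUTE on this one function.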
