Skip site navigation (1) Skip section navigation (2)

Re: [NOVICE] Question on TRUNCATE privleges

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: KeithW(at)narrowpathinc(dot)com
Cc: PostgreSQL Novice <pgsql-novice(at)postgresql(dot)org>,pgsql-hackers(at)postgresql(dot)org
Subject: Re: [NOVICE] Question on TRUNCATE privleges
Date: 2005-02-24 22:47:44
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackerspgsql-novice
"Keith Worthington" <keithw(at)narrowpathinc(dot)com> writes:
> On Thu, 24 Feb 2005 17:15:42 -0500, Tom Lane wrote
>> Yeah.  I've dropped the idea personally -- the suggestion that the table
>> owner can provide a SECURITY DEFINER procedure to do the TRUNCATE if 
>> he wants to allow others to do it seems to me to cover the problem.

> Could someone point me in the direction of documentation on this SECURITY
> DEFINER feature?

See CREATE FUNCTION.  Something like (untested)

create function truncate_my_table() returns void as
$$ truncate my_table $$ language sql security definer;

You'd probably then revoke the default public EXECUTE rights on this
function, and grant EXECUTE only to selected users.

			regards, tom lane

In response to

pgsql-novice by date

Next:From: Ross GohlkeDate: 2005-02-25 01:03:50
Subject: Using upper() / decode() together
Previous:From: Keith WorthingtonDate: 2005-02-24 22:28:08
Subject: Re: [NOVICE] Question on TRUNCATE privleges

pgsql-hackers by date

Next:From: Eric CramptonDate: 2005-02-24 22:49:00
Subject: Patch for Postmaster Uptime (from the TODO)
Previous:From: Marc G. FournierDate: 2005-02-24 22:40:37
Subject: Re: Some download statistics

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group