| From: | "Nicholas Barr" <nicky(at)chuckie(dot)co(dot)uk> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Truncate Permission |
| Date: | 2007-06-13 14:29:23 |
| Message-ID: | 44180.62.244.190.66.1181744963.squirrel@www.chuckie.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> * Zeugswetter Andreas ADI SD (ZeugswetterA(at)spardat(dot)at) wrote:
>>
>> > > Wouldn't it be far more logical to decide that if a user has the
>> > > permissions to do a DELETE FROM table; then they have permission to
>> do
>> > > a TRUNCATE? Why make an additional permission?
>> >
>> > Truncate doesn't fire ON DELETE triggers.
>>
>> Yes, but it would imho be ok if there are'nt any on delete triggers on
>> the table.
>
> Nope, it doesn't follow MVCC rules properly either. It really needs to
> be a seperate permission.
>
> Thanks,
>
> Stephen
Hi,
Thanks for all the replies. I was primarily looking for some development
to do in my spare time, and have since produced a patch for this. I assume
this patch will be put on hold, which is fine.
Would the core developers accept a patch that extended the ACL types to
support more possible permissions?
At the moment it seems as if a single 32 bit integer is used for the
permissions, with the top half being the grantable rights. I assume I
would need to extend this into two 32 bit integers, or one 64 bit integer?
Would it be worth making this two 64 bit integers whilst we are at it, or
is that just silly? I agree that making a permission for every possible
command would be overkill and somewhat time consuming, so I assume that
two 64 bit integers would also be overkill.
Nick
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2007-06-13 14:36:23 | Re: EXPLAIN omits schema? |
| Previous Message | Jeff MacDonald | 2007-06-13 14:28:58 | Re: [HACKERS] Avoiding legal email signatures |