| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Marcelo Fernandes <marcefern7(at)gmail(dot)com> |
| Cc: | Dominique Devienne <ddevienne(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Why does TRUNCATE require a special privilege? |
| Date: | 2026-01-16 22:11:55 |
| Message-ID: | 450b1e18-0355-454b-9b33-bd4e780914ed@aklaver.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 1/16/26 13:15, Marcelo Fernandes wrote:
> Those operations do different things, sure.
>
> But from a roles/privilege framework perspective, why would you want to give
> certain users the DELETE privilege whereas others you want to give them
> only the TRUNCATE privilege?
>
> Are we saying to a user that "You need a different level of privilege because
> you are about to cause a MVCC-unsafe operation?".
The thing I see as difference worthy of separation is:
"CASCADE
Automatically truncate all tables that have foreign-key references
to any of the named tables, or to any tables added to the group due to
CASCADE.
"
Now the same end result can be done with:
delete from some_table:
where the FK's pointing at some_table have ON CASCADE DELETE. The
difference being a DBA has the option of creating the FKs with ON
CASCADE NO ACTION which would throw an error. In other words you can
prevent an unconstrained DELETE on some_table from removing all the
child records. With TRUNCATE ... CASCADE, you cannot, the potential for
harm is greater.
>
> Or is the privilege framework simply ruling "Do different things, have
> different permissions"?
>
> Marcelo.
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2026-01-16 23:14:40 | Re: Why does TRUNCATE require a special privilege? |
| Previous Message | Marcelo Fernandes | 2026-01-16 21:15:18 | Re: Why does TRUNCATE require a special privilege? |