Re: Question on TRUNCATE privleges
This is a discussion on Re: Question on TRUNCATE privleges within the pgsql Hackers forums, part of the PostgreSQL category; --> Tom Lane wrote: > "Keith Worthington" <keithw@narrowpathinc.com> writes: > >>I have just discovered that I can speed up one ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-11-2008, 03:49 AM
| ||||
| ||||
 Re: Question on TRUNCATE privleges Tom Lane wrote: > "Keith Worthington" <keithw@narrowpathinc.com> writes: > >>I have just discovered that I can speed up one of my functions by a factor of >>600 by changing an unqualified DELETE to a TRUNCATE. Unfortunately, the >>function is run by multiple users and I get the error message >> "TESTDB=> TRUNCATE inventory.tbl_item; >> ERROR: must be owner of relation tbl_item > > >>There is nothing in the documentation >>(http://www.postgresql.org/docs/8.0/i...-truncate.html) about this >>restriction ( You see Michael I am still reading the documentation. ;-) ) Do >>I get to post my first user comment on the documentation pages? Do I? Hunh? >>Can I? :-) > > > Yup ;-) > > >>Is there a way to have multiple owners of a table or otherwise achive this >>behavior? > > > I'm not entirely sure that requiring ownership of the table is the > appropriate restriction for TRUNCATE. It made some sense back when > TRUNCATE wasn't transaction-safe, but now that it is, you could almost > argue that ordinary DELETE privilege should allow TRUNCATE. > > Almost. The hole in the argument is that TRUNCATE doesn't run ON DELETE > triggers and so it could possibly be used to bypass things the table > owner wants to have happen. You could equate TRUNCATE to DROP TRIGGER(s), > DELETE, CREATE TRIGGER(s) ... but DROP TRIGGER requires ownership. > > CREATE TRIGGER only requires TRIGGER privilege which is grantable. > So one answer is to change DROP TRIGGER to require TRIGGER privilege > (which would mean user A could remove a trigger installed by user B, > if both have TRIGGER privileges on the table) and then say you can > TRUNCATE if you have both DELETE and TRIGGER privileges. > > It looks to me like the asymmetry between CREATE TRIGGER and DROP > TRIGGER is actually required by SQL99, though, so changing it would > be a hard sell (unless SQL2003 fixes it?). > > Comments anyone? > Why not say that TRUNCATE requires the same privilige as a DELETE and add a trigger type that fires (once) on a TRUNCATE? That would give an owner a chance to prevent it. Such a trigger would probably be useful for other things too. Regards, Thomas Hallgren ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq      |
Linear Mode
