On Fri, 2008-01-25 at 14:00 -0500, Tom Lane wrote:
> Simon Riggs <simon@2ndquadrant.com> writes:
> > On Fri, 2008-01-25 at 10:44 -0500, Tom Lane wrote:
> >> There are way too many table privilege bits already; to add more you
> >> need something a lot stronger than a "might be nice" argument.
>
> > People use TRUNCATE whatever we say. If you force people to be table
> > owners or superusers you merely restrict their security options.
>
> By that argument you could justify a separate privilege bit for anything
> at all, eg, each sub-variant of ALTER TABLE.

I already made the argument that TRUNCATE is not similar to DDL in its
effects or usage.
http://archives.postgresql.org/pgsql-sql/2008-01/msg00093.php

> Please present an actual
> argument why TRUNCATE should get its own bit.

Claiming my argument doesn't exist is itself a fairly weak defence...

I only mentioned this for completeness, since it's on the TODO list. You
should probably go through the TODO and remove the items you disagree
with. I didn't put it there, nor did I originally propose it. I do think
it has merit; I came up against exactly that issue earlier this month.

Perhaps we should be implementing "extended privileges" by using one
additional bit to mean "has extended privilege list". We presumably want
to implement column-level privileges, plus you raise interesting
thoughts about fine-grained security access controls for certain
operations, so an extension mechanism seems like the way to go.

--
Simon Riggs
2ndQuadrant http://www.2ndQuadrant.com