> > Why not just revoke the delete privilege?
>
> That was one of my first guesses as well, but then I'm not sure if you can
> revoke DELETE and INSERT privilege from the owner of the table...
I just did a quick test on 7.4.5. Yes the table owner can revoke (and
re-grant) delete privileges on a table he owns, but of course I was not
able to revoke delete privileges from a superuser, since by definition
a superuser bypasses all access controls restrictions.
I assume the rule approach would apply to the superuser as well as to
other users. That makes it better able to handle this situation, whether
or not that approach has downsides is an internals question I can't answer.
--
Mike Nolan
