Re: Regarding TODO item "%Add a separate TRUNCATE permission" - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: Regarding TODO item "%Add a separate TRUNCATE permission"
Date
Msg-id 20060426174525.GN4474@ns.snowman.net
In response to Re: Regarding TODO item "%Add a separate TRUNCATE  (Gevik Babakhani <pgdev@xs4all.nl>)
Responses Re: Regarding TODO item "%Add a separate TRUNCATE permission"  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
* Gevik Babakhani (pgdev@xs4all.nl) wrote:
> On Wed, 2006-04-26 at 13:31 -0400, Stephen Frost wrote:
> > * Gevik Babakhani (pgdev@xs4all.nl) wrote:
> > > The new TRUNCATE permission:
> > > Is it meant to be a general truncating permission on all tables,
> > > schemas like: "I, the DBA give you the privilege to TRUNCATE"
> > > Or is this a per-table, per-schema truncate privilege.
>
> > It would be a per-table, table-level privilege.
>
> Would the privilege apply to the table depending on the table being
> truncated?

eh?  It's just like 'select', 'update', 'delete', etc.  Either you have
permission to truncate the table(s), or you don't.  The main problem
you'll run into here is not the implementation (it's trivial and I've
already done it actually) for this specific permission but that we need
to redesign the permission system to allow for more permission bits
because otherwise we'll run out soon.

My initial thought on how to do this was to split the permissions into
"use" permissions and "admin" permissions.  There's already a split
along these lines built into the system (lower-order bits are "use" and
higher-order bits are "admin", or the other way around) but *a lot* of
things currently expect to be able to pass permissions around in 4
bytes.  I'd be happy to look into this some more (and had planned to)
but I've been rather busy lately (finals coming up).

I think the use/admin split is the correct split because the "admin"
permissions aren't checked very frequently (mainly by grants and people
looking at the permission information).  The "use" permissions are
checked very frequently and so need to be kept fast.  I don't think that
would be very difficult to do though.

Thanks,
    Stephen
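
The packing problem the message describes, as an added example that is not code from the message or from the PostgreSQL source: a per-table TRUNCATE right checked independently of DELETE, inside one 4-byte mask. The layout (low 16 bits "use", high 16 bits "admin", with "admin" read as the right to grant) and all names and bit positions are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout, not PostgreSQL's own definitions: one 32-bit word,
 * low 16 bits = "use" rights, high 16 bits = the matching "admin" rights. */
typedef uint32_t priv_mask;
#define USE_BITS      16
#define USE_MASK      ((((priv_mask)1) << USE_BITS) - 1)
#define ADMIN_FOR(p)  (((priv_mask)(p) & USE_MASK) << USE_BITS)
#define PRIV_SELECT   (((priv_mask)1) << 0)   /* hypothetical bit positions */
#define PRIV_UPDATE   (((priv_mask)1) << 1)
#define PRIV_DELETE   (((priv_mask)1) << 2)
#define PRIV_TRUNCATE (((priv_mask)1) << 3)   /* the new per-table right */

/* Hot path, run for every statement: one AND and one compare. */
static bool may_use(priv_mask held, priv_mask wanted) {
    return (held & wanted & USE_MASK) == (wanted & USE_MASK);
}

/* Cold path, needed only when granting or inspecting permissions. */
static bool may_grant(priv_mask held, priv_mask wanted) {
    return (held & ADMIN_FOR(wanted)) == ADMIN_FOR(wanted);
}

/* Copy rights to the grantee only if the grantor holds their admin bits. */
static bool grant(priv_mask grantor, priv_mask *grantee,
                  priv_mask rights, bool with_admin) {
    if (!may_grant(grantor, rights))
        return false;
    *grantee |= rights & USE_MASK;
    if (with_admin)
        *grantee |= ADMIN_FOR(rights);
    return true;
}

/* Each right costs a use bit and an admin bit, so the word holds 16 rights. */
static int free_use_bits(priv_mask assigned) {
    int n = 0;
    for (int i = 0; i < USE_BITS; i++)
        if (!(assigned & (((priv_mask)1) << i)))
            n++;
    return n;
}

int main(void) {
    priv_mask owner = USE_MASK | ADMIN_FOR(USE_MASK), app = 0;
    grant(owner, &app, PRIV_DELETE, false);
    printf("delete=%d truncate=%d\n", may_use(app, PRIV_DELETE),
           may_use(app, PRIV_TRUNCATE));
    return 0;
}
```

A role granted only DELETE fails the TRUNCATE check, and because every new right takes a bit in both halves, the 32-bit word caps out at 16 distinct rights under this layout.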
