* Ragnar (gnari@hive.is) wrote:
>
> On mið, 2008-07-30 at 07:36 -0400, Kevin Hunter wrote:
> > At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote:
> > > According to the documentation,
> > > http://www.postgresql.org/docs/current/interactive/sql-truncate.html ,
> > > only the owner can truncate a table. Which means the non-owner must
> > > either log in/ switch roles as the owner, or they can just run a DELETE.
> >
> > Well that's interesting. From a security standpoint, what's the
> > difference between an unqualified DELETE and a TRUNCATE?
>
> lack of triggers and RULEs spring to mind.
It also takes a bigger lock on the table than DELETE, which may or may
not be considered a security issue. triggers really are the big issue
wrt security and why it deserves to be a seperatelly grantable
permission from delete.
Thanks,
Stephen
