Hi,
I was looking to start development on the following TODO entry.
Add a separate TRUNCATE permission
Currently only the owner can TRUNCATE a table because triggers are not called, and the table is locked in exclusive
mode.
Does anyone have any objections? Looks like there is a change freeze on
at the moment, so I assume my patch will not get reviewed until 8.4
starts development?
Now some functional questions...
1. I assume you want something like the following?
grant truncate on [table] bla to user;
revoke truncate on [table] bla from user;
Are there any other statements that need to be included?
2. When executing a truncate command, the owner permission check is
replaced by a truncate privilege check. Would you prefer both privileges
to be checked?
3. Can I reuse the old ACL_RULE bit position and display character?
src/include/nodes/parsenodes.h - 1<<4
src/include/utils/acl.h - character 'R'
Will this break dump/restores? I would have preferred to use 't' or 'T'
but these are both used.
4. Should the truncate permission be contained within the all
privileges? If a user does
grant all [privileges] on [table] bla to user;
revoke all [privileges] on [table] bla from user;
If everyone is too busy at the moment with the 8.3 release, let me know
and I will resubmit this stuff in a couple of months when things have
calmed down.
Ta
Nick
