> There are also some compatibility concerns involved. If we add
> grantable privileges for TRUNCATE and/or DDL operations, then GRANT ALL
> ON TABLE suddenly conveys a whole lot more privilege than it did before.
> This could lead to unpleasant surprises in security-sensitive
> operations. One could also put forward the argument that it's a direct
> violation of the SQL spec, which after all does specify exactly what
> privileges ALL is supposed to grant.
>
> regards, tom lane
What about separating privileges: "system privileges" for ddl statements and "object privileges" for dml statements in
an"Oracle-like" way? Then you could implement TRUNCATE privileges like they do (roles must have DROP ANY TABLE system
privileges).Is or was there a discussion over this hypothesis?
