Thread: Must be table owner to truncate?
Hello all, I am trying to GRANT truncate permissions to a non-owner of table and it's not allowing me to: GRANT TRUNCATE ON stage01 TO jaime44; ERROR: unrecognized privilege type "truncate" How do I grant said permission? Thanks...Michelle. -- View this message in context: http://www.nabble.com/Must-be-table-owner-to-truncate--tp18697753p18697753.html Sent from the PostgreSQL - general mailing list archive at Nabble.com.
smiley2211 <msramsey22@gmail.com> writes:
> GRANT TRUNCATE ON stage01 TO jaime44;
> ERROR: unrecognized privilege type "truncate"
There is no such permission; where did you get the idea there was?
regards, tom lane
According to the documentation, http://www.postgresql.org/docs/current/interactive/sql-truncate.html , only the owner can truncate a table. Which means the non-owner must either log in/ switch roles as the owner, or they can just run a DELETE. -Said smiley2211 wrote: > > Hello all, > > I am trying to GRANT truncate permissions to a non-owner of table and it's > not allowing me to: > > GRANT TRUNCATE ON stage01 TO jaime44; > ERROR: unrecognized privilege type "truncate" > > How do I grant said permission? > > Thanks...Michelle. > > -- > View this message in context: > http://www.nabble.com/Must-be-table-owner-to-truncate--tp18697753p18697753.html > Sent from the PostgreSQL - general mailing list archive at Nabble.com. > > > -- > Sent via pgsql-general mailing list (pgsql-general@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general >
Unfortunately, I found the command via google...I later checked the documentation... http://www.postgresql.org/docs/8.1/static/sql-truncate.html Thanks...Michelle Tom Lane-2 wrote: > > smiley2211 <msramsey22@gmail.com> writes: >> GRANT TRUNCATE ON stage01 TO jaime44; >> ERROR: unrecognized privilege type "truncate" > > There is no such permission; where did you get the idea there was? > > regards, tom lane > > -- > Sent via pgsql-general mailing list (pgsql-general@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general > > >-( -- View this message in context: http://www.nabble.com/Must-be-table-owner-to-truncate--tp18697753p18698506.html Sent from the PostgreSQL - general mailing list archive at Nabble.com.
At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote: > According to the documentation, > http://www.postgresql.org/docs/current/interactive/sql-truncate.html , > only the owner can truncate a table. Which means the non-owner must > either log in/ switch roles as the owner, or they can just run a DELETE. Well that's interesting. From a security standpoint, what's the difference between an unqualified DELETE and a TRUNCATE? Also interesting to note that TRUNCATE is transaction safe, but not MVCC safe. Good to know, good to know ... Kevin
On mið, 2008-07-30 at 07:36 -0400, Kevin Hunter wrote: > At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote: > > According to the documentation, > > http://www.postgresql.org/docs/current/interactive/sql-truncate.html , > > only the owner can truncate a table. Which means the non-owner must > > either log in/ switch roles as the owner, or they can just run a DELETE. > > Well that's interesting. From a security standpoint, what's the > difference between an unqualified DELETE and a TRUNCATE? lack of triggers and RULEs spring to mind. gnari
* Ragnar (gnari@hive.is) wrote: > > On mið, 2008-07-30 at 07:36 -0400, Kevin Hunter wrote: > > At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote: > > > According to the documentation, > > > http://www.postgresql.org/docs/current/interactive/sql-truncate.html , > > > only the owner can truncate a table. Which means the non-owner must > > > either log in/ switch roles as the owner, or they can just run a DELETE. > > > > Well that's interesting. From a security standpoint, what's the > > difference between an unqualified DELETE and a TRUNCATE? > > lack of triggers and RULEs spring to mind. It also takes a bigger lock on the table than DELETE, which may or may not be considered a security issue. triggers really are the big issue wrt security and why it deserves to be a seperatelly grantable permission from delete. Thanks, Stephen
Attachment
On Wednesday 30 July 2008 08:52:26 Ragnar wrote: > On mið, 2008-07-30 at 07:36 -0400, Kevin Hunter wrote: > > At 3:45p -0400 on Mon, 28 Jul 2008, Said Ramirez wrote: > > > According to the documentation, > > > http://www.postgresql.org/docs/current/interactive/sql-truncate.html , > > > only the owner can truncate a table. Which means the non-owner must > > > either log in/ switch roles as the owner, or they can just run a > > > DELETE. > > > > Well that's interesting. From a security standpoint, what's the > > difference between an unqualified DELETE and a TRUNCATE? > > lack of triggers and RULEs spring to mind. > Just fyi, there is a patch for 8.4 that will add truncate permissions. -- Robert Treat Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL