Re: Must be owner to truncate?
Christopher Kings-Lynne <chriskl@familyhealth.com.au>
From: Christopher Kings-Lynne <chriskl@familyhealth.com.au>
To: Stephen Frost <sfrost@snowman.net>
Cc: Postgres Hackers <pgsql-hackers@postgresql.org>
Date: 2005-07-08T02:21:31Z
Lists: pgsql-hackers
> The current permissions checks for truncate seem to be excessive. It > requires that you're the owner of the relation instead of requiring > that you have delete permissions on the relation. It was pointed out > that truncate doesn't call triggers but it seems like that would be > something easy enough to check for. My thinking is to replace the > existing ownercheck with: > > Must have delete permissions on the relation > If the relation has triggers: > Check that the caller is the owner of the relation, if so, then > issue a NOTICE that those triggers won't be called and perform the > truncate. > If not the owner, then error out saying there are ON DELETE triggers > and that you're not the owner. I'm strongly in favour of this patch. I am currently in this situation: 1. Web db user runs as non-superuser, non-owner. 2. I have a table of a tens of thousands of rows that I must delete entirely and rebuild every day at least (pg_trgm word list) 3. It just gets slow over time, even with autovac. 4. I can't vacuum it as i'm not the owner, and I cannot truncate it either. 5. Table has no triggers or FK's whatsoever. So, stephen frost's suggestion would be fantastic. Chris