Re: [GENERAL] column-level update privs + lock table

Josh Kupershmidt <schmiddy@gmail.com>

From: Josh Kupershmidt <schmiddy@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>, Simon Riggs <simon@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2010-11-30T14:07:31Z
Lists: pgsql-hackers
On Mon, Nov 29, 2010 at 10:06 PM, Robert Haas <robertmhaas@gmail.com> wrote:
> On Mon, Nov 29, 2010 at 9:37 PM, Josh Kupershmidt <schmiddy@gmail.com> wrote:
>> I actually hadn't thought of that, for some reason.
>>
>> We used to similarly recommend that people handle TRUNCATE privileges
>> with a security definer function. That doesn't mean GRANT TRUNCATE
>> wasn't a sweet addition to 8.4.
>
> Hmm, glad you like it (I wrote that).  I'm just asking how far we
> should go before we decide we catering to use cases that are too
> narrow to warrant an extension of the permissions system.

I am slightly opposed to adding GRANTs for LOCK TABLE, ANALYZE,
VACUUM, etc. The GRANT help page is long enough already, and I doubt
many users would use them, even though I might use GRANT LOCK TABLE
myself.

Josh