Re: [GENERAL] column-level update privs + lock table
Josh Kupershmidt <schmiddy@gmail.com>
From: Josh Kupershmidt <schmiddy@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>, Simon Riggs <simon@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2010-11-30T14:07:31Z
Lists: pgsql-hackers
On Mon, Nov 29, 2010 at 10:06 PM, Robert Haas <robertmhaas@gmail.com> wrote: > On Mon, Nov 29, 2010 at 9:37 PM, Josh Kupershmidt <schmiddy@gmail.com> wrote: >> I actually hadn't thought of that, for some reason. >> >> We used to similarly recommend that people handle TRUNCATE privileges >> with a security definer function. That doesn't mean GRANT TRUNCATE >> wasn't a sweet addition to 8.4. > > Hmm, glad you like it (I wrote that). I'm just asking how far we > should go before we decide we catering to use cases that are too > narrow to warrant an extension of the permissions system. I am slightly opposed to adding GRANTs for LOCK TABLE, ANALYZE, VACUUM, etc. The GRANT help page is long enough already, and I doubt many users would use them, even though I might use GRANT LOCK TABLE myself. Josh