> There are also some compatibility concerns involved. If we add > grantable privileges for TRUNCATE and/or DDL operations, then GRANT ALL > ON TABLE suddenly conveys a whole lot more privilege than it did before. > This could lead to unpleasant surprises in security-sensitive > operations. One could also put forward the argument that it's a direct > violation of the SQL spec, which after all does specify exactly what > privileges ALL is supposed to grant. > > regards, tom lane
What about separating privileges: "system privileges" for ddl statements and "object privileges" for dml statements in an "Oracle-like" way? Then you could implement TRUNCATE privileges like they do (roles must have DROP ANY TABLE system privileges). Is or was there a discussion over this hypothesis? ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings
