Stephen Frost <[EMAIL PROTECTED]> writes: > The following patch implements individual privileges for TRUNCATE, > VACUUM and ANALYZE. Includes documentation and regression test > updates. Resolves TODO item 'Add a separate TRUNCATE permission'.
> At least the 'no one interested has written a patch' argument is gone > now, fire away with other comments/concerns. :) I have a very serious problem with the idea of inventing individual privilege bits for every maintenance command in sight. That does not scale. How will you handle "GRANT ADD COLUMN", or "GRANT ADD COLUMN as-long-as-its-not-SERIAL-because-I-dont-want-you-creating-sequences", or "GRANT ALTER TABLE RELIABILITY" as soon as someone writes that patch, or a dozen other cases that I could name without stopping for breath? The proposed patch eats three of the five available privilege bits (that is, available without accepting the distributed cost of enlarging ACL bitmasks), and you've made no case at all why we should spend that limited resource in this particular fashion. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly