2012/12/7 Simon Riggs <[email protected]>:
> On 5 December 2012 11:16, Kohei KaiGai <[email protected]> wrote:
>
>>> * TRUNCATE works, and allows you to remove all rows of a table, even
>>> ones you can't see to run a DELETE on. Er...
>>>
>> It was my oversight. My preference is to rewrite TRUNCATE command
>> with DELETE statement in case when row-security policy is active on
>> the target table.
>> In this case, a NOTICE message may be helpful for users not to assume
>> the table is always empty after the command.
>
> I think the default must be to throw an ERROR, since part of the
> contract with TRUNCATE is that it is fast and removes storage.
>
OK. Does the default imply you are suggesting configurable behavior
using a GUC or something?
I think both of the behaviors are reasonable from a security point of view,
as long as the user cannot remove unprivileged rows.

Thanks,
--
KaiGai Kohei <[email protected]>
