2012/12/7 Simon Riggs <si...@2ndquadrant.com>:
> On 5 December 2012 11:16, Kohei KaiGai <kai...@kaigai.gr.jp> wrote:
>
>>> * TRUNCATE works, and allows you to remove all rows of a table, even
>>> ones you can't see to run a DELETE on. Er...
>>>
>> It was my oversight. My preference is to rewrite TRUNCATE command
>> with DELETE statement in case when row-security policy is active on
>> the target table.
>> In this case, a NOTICE message may be helpful for users not to assume
>> the table is always empty after the command.
>
> I think the default must be to throw an ERROR, since part of the
> contract with TRUNCATE is that it is fast and removes storage.
>
OK. Does the default imply you are suggesting configurable behavior
using a GUC or something?
I think both of the behaviors are reasonable from a security point of view,
as long as a user cannot remove unprivileged rows.

Thanks,
--
KaiGai Kohei <kai...@kaigai.gr.jp>