The problem is TRUNCATE is more of an administrative privilege. Also, it is not captured in a DELETE trigger, so you have a security issue with that. Also, REFERENCES & TRIGGER are schema changes which should never be done by a normal user.

On Tue, Feb 16, 2016 at 5:39 AM, Vincent Veyron <vv.li...@wanadoo.fr> wrote:

> On Mon, 15 Feb 2016 12:06:28 -0500
> Melvin Davidson <melvin6...@gmail.com> wrote:
>
> > I wrote a short article to explain the proper use of Group and Users in
> > the database.
>
> Hi Melvin,
>
> Thanks for the explanation, it makes things easy to understand.
>
> One question:
>
> > Although GRANT ALL, at first appears to simplify granting permissions,
> > it is actually a very bad practice that is often misused. That is because
> > doing so would also allow groups and ordinary users the following
> > additional privileges: TRUNCATE, REFERENCES & TRIGGER.
>
> If a user has DELETE rights on a table, I don't see how granting him
> TRUNCATE makes that much of a difference? Same could be said of the other
> two, it's not like they are going to cause more damage than the previous
> rights.
>
> --
> Best regards, Vincent Veyron
>
> https://marica.fr/
> Management of litigation, insurance claim files and contracts
> for the legal department

--
*Melvin Davidson*
I reserve the right to fantasize. Whether or not you wish to share my fantasy is entirely up to you.
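
The difference between DELETE and TRUNCATE discussed in this message, as an added example that is not part of the original thread. It assumes a scratch PostgreSQL database and a superuser session; the names `app_users`, `app_user`, `accounts` and `accounts_audit` are constructed for illustration.

```sql
-- Constructed roles: a group role and one ordinary member.
CREATE ROLE app_users NOLOGIN;
CREATE ROLE app_user LOGIN IN ROLE app_users;

CREATE TABLE accounts (id int PRIMARY KEY, owner text NOT NULL);
CREATE TABLE accounts_audit (
    deleted_at timestamptz NOT NULL DEFAULT now(),
    deleted_by text        NOT NULL DEFAULT session_user,
    id         int,
    owner      text
);

-- Row-level audit of deletions; SECURITY DEFINER so ordinary users
-- need no privileges on the audit table itself.
CREATE FUNCTION log_account_delete() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
    INSERT INTO accounts_audit (id, owner) VALUES (OLD.id, OLD.owner);
    RETURN OLD;
END;
$$;

CREATE TRIGGER accounts_delete_audit
    BEFORE DELETE ON accounts
    FOR EACH ROW EXECUTE PROCEDURE log_account_delete();

INSERT INTO accounts VALUES (1, 'alice'), (2, 'bob');

-- Weak setting: GRANT ALL also hands out TRUNCATE, REFERENCES and TRIGGER.
GRANT ALL ON accounts TO app_users;

SET ROLE app_user;
DELETE FROM accounts WHERE id = 1;  -- DELETE trigger fires, row is audited
TRUNCATE accounts;                  -- DELETE trigger does not fire
RESET ROLE;

-- Compare what was audited with what is left in the table.
SELECT id, owner, deleted_by FROM accounts_audit;
SELECT count(*) AS remaining_rows FROM accounts;

-- Corrected setting: grant only the data-manipulation privileges.
REVOKE ALL ON accounts FROM app_users;
GRANT SELECT, INSERT, UPDATE, DELETE ON accounts TO app_users;

-- Check: list every grantee still holding the three extra privileges
-- (the table owner is expected to appear here).
SELECT grantee, privilege_type
FROM information_schema.table_privileges
WHERE table_name = 'accounts'
  AND privilege_type IN ('TRUNCATE', 'REFERENCES', 'TRIGGER');
```

PostgreSQL also accepts statement-level `ON TRUNCATE` triggers, but those run once per statement and do not see the removed rows, so they can record that a truncate happened, not what was lost.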