* Tom Lane ([EMAIL PROTECTED]) wrote: > There are also some compatibility concerns involved. If we add > grantable privileges for TRUNCATE and/or DDL operations, then GRANT ALL > ON TABLE suddenly conveys a whole lot more privilege than it did before. > This could lead to unpleasant surprises in security-sensitive > operations. One could also put forward the argument that it's a direct > violation of the SQL spec, which after all does specify exactly what > privileges ALL is supposed to grant.
iirc, the suggestion was to exclude the non-SQL-spec things from 'GRANT
ALL' to avoid just that issue. Having to grant TRUNCATE and/or DDL
operation permissions explicitly would be reasonable. This might create
a disconnect with what 'revoke all' does, since that should really
remove all of the perms, but I feel that's reasonable. A 'Default
secure' approach.
Thanks,
Stephen
signature.asc
Description: Digital signature
