The problem is TRUNCATE is more of an administrative privilege. Also, it is not captured in a DELETE trigger, so you have a security issue with that. Also, REFERENCES & TRIGGER are schema changes which should never be done by a normal user.
On Tue, Feb 16, 2016 at 5:39 AM, Vincent Veyron <vv.lists@xxxxxxxxxx> wrote:
On Mon, 15 Feb 2016 12:06:28 -0500
Melvin Davidson <melvin6925@xxxxxxxxx> wrote:
> I wrote a short article to explain the proper use of Group and Userss in the database.
Hi Melvin,
Thanks for the explanation, it makes things easy to understand.
One question :
> Although GRANT ALL, at first appears to simplify granting permissions, it is actually a very bad practice that is often misused. That is because doing so would also allow groups and ordinary users the following additional privileges: TRUNCATE, REFERENCES & TRIGGER.
If a user has DELETE rights on a table, I don't see how granting him TRUNCATE makes that much of a difference? Same could be said of the other two, it's not like they are going to cause more damage than the previous rights.
--
Bien à vous, Vincent Veyron
https://marica.fr/
Gestion des contentieux, des dossiers de sinistres assurance et des contrats pour le service juridique
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
--
Melvin Davidson
I reserve the right to fantasize. Whether or not you
wish to share my fantasy is entirely up to you.![]()
I reserve the right to fantasize. Whether or not you
wish to share my fantasy is entirely up to you.
