John R Pierce wrote: > On 2/28/2016 8:58 PM, Tom Lane wrote: >>>> I should the check for whether a given user can or cannot analyze a table >>>> should be whether the user has INSERT, UPDATE, or DELETE privileges. >> By that argument, we should allow anyone with any write access to do >> TRUNCATE. Or perhaps even DROP TABLE. I'm not impressed. > I don't see why anyone with delete privileges shouldn't be able to > truncate (after all, thats the same as deleting all records). > > analyze has arguably fewer side effects, its a performance enhancement, > its neither altering the schema or changing the data. In a production environment you don't want a user to change your table statistics. They could just set default_statistics_target to something stupid, run ANALYZE and wreck the statistics for everyone. And then come back to the DBA and complain that things don't work. We have a policy that users are not table owners, and with the current behaviour we can be certain that any bad table statistics are the fault of the DBA or wrong configuration. Yours, Laurenz Albe -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
