On Tue, Nov 30, 2010 at 9:07 AM, Josh Kupershmidt <schmiddy@gmail.com> wrote:
> On Mon, Nov 29, 2010 at 10:06 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>> On Mon, Nov 29, 2010 at 9:37 PM, Josh Kupershmidt <schmiddy@gmail.com> wrote:
>>> I actually hadn't thought of that, for some reason.
>>>
>>> We used to similarly recommend that people handle TRUNCATE privileges
>>> with a security definer function. That doesn't mean GRANT TRUNCATE
>>> wasn't a sweet addition to 8.4.
>>
>> Hmm, glad you like it (I wrote that). I'm just asking how far we
>> should go before we decide we catering to use cases that are too
>> narrow to warrant an extension of the permissions system.
>
> I am slightly opposed to adding GRANTs for LOCK TABLE, ANALYZE,
> VACUUM, etc. The GRANT help page is long enough already, and I doubt
> many users would use them, even though I might use GRANT LOCK TABLE
> myself.
You'd really probably want GRANT LOCK TABLE (SHARE), GRANT LOCK TABLE
(EXCLUSIVE), ...
It'd be sort of cool, but it doesn't seem worth the complexity.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company