public inbox for [email protected]
help / color / mirror / Atom feedFrom: Tom Lane <[email protected]>
To: Marcelo Fernandes <[email protected]>
Cc: Adrian Klaver <[email protected]>
Cc: Dominique Devienne <[email protected]>
Cc: [email protected]
Subject: Re: Why does TRUNCATE require a special privilege?
Date: Fri, 16 Jan 2026 18:14:40 -0500
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAM2F1VMb3VyRXGMGC51mo+PLaB=vRZQD=7YGyOo-z=XXpX8MHg@mail.gmail.com>
References: <CAM2F1VNkovvL_56K_6OJiYU8toUdEG1Jk7ABRQ426Geh8LMB+g@mail.gmail.com>
<CAFCRh-9HTzAU7ia--Uad2-KnZv=zXeFaG0iT2ut0KXGEZhsHuw@mail.gmail.com>
<[email protected]>
<CAM2F1VMb3VyRXGMGC51mo+PLaB=vRZQD=7YGyOo-z=XXpX8MHg@mail.gmail.com>
Marcelo Fernandes <[email protected]> writes:
> But from a roles/privilege framework perspective, why would you want to give
> certain users the DELETE privilege whereas others you want to give them
> only the TRUNCATE privilege?
> Are we saying to a user that "You need a different level of privilege because
> you are about to cause a MVCC-unsafe operation?".
Personally I think that's a plenty good enough reason ;-).
The very different locking level is another good reason.
TRUNCATE will block all other activity on the table, while
DELETE doesn't.
However, looking at our git history, it appears that TRUNCATE was
originally only permitted to the table owner. The separate permission
bit was added (years later) so that the owner could grant out the
ability to others, without doing anything as non-backwards-compatible
as reinterpreting what operations a DELETE grant allows.
regards, tom lane
view thread (5+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Why does TRUNCATE require a special privilege?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox