Don't give the TRUNCATE permission as part as the role (#7)

* Don't give the TRUNCATE permission as part as the role * Bump version
gorgias · Nov 14, 2023 · 9314f77 · 9314f77
1 parent 4612256
commit 9314f77
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,13 @@ and this project tries to adhere to [Semantic Versioning](http://semver.org/spec
 ## [Unreleased]
 _this space intentionally left blank_
 
+
+## [0.7.0] - 2023-11-14
+
+### In Code
+
+- Don't give the TRUNCATE permission as part as the `write` role (@jordanp)
+
 ## [0.6.0] - 2023-01-23
 
 ### In Code

diff --git a/README.rst b/README.rst
@@ -88,7 +88,7 @@ When pgbedrock is run, it would make sure that:
     * ``jdoe`` has read-level access (``SELECT``) to all tables in the ``finance`` schema and to the
       ``marketing.ad_spend`` and ``marketing.impressions`` tables
     * ``jdoe`` has default privileges to read from all future tables created in the ``finance`` schema
-    * ``jdoe`` has write-level access (``SELECT``, ``INSERT``, ``UPDATE``, ``DELETE``, ``TRUNCATE``,
+    * ``jdoe`` has write-level access (``SELECT``, ``INSERT``, ``UPDATE``, ``DELETE``,
       ``REFERENCES``, and ``TRIGGER``) to all tables in the ``reports`` schema except for the ``Q2_fixed_assets`` table
     * ``jdoe`` has default privileges to write to all future tables created in the ``reports`` schema
     * ``jdoe`` has write-level access (``SELECT``, ``USAGE``, ``UPDATE``) to all sequences in the

diff --git a/docs/index.rst b/docs/index.rst
@@ -71,7 +71,7 @@ When pgbedrock is run, it would make sure that:
     * ``jdoe`` has read-level access (``SELECT``) to all tables in the ``finance`` schema and to the
       ``marketing.ad_spend`` and ``marketing.impressions`` tables
     * ``jdoe`` has default privileges to read from all future tables created in the ``finance`` schema
-    * ``jdoe`` has write-level access (``SELECT``, ``INSERT``, ``UPDATE``, ``DELETE``, ``TRUNCATE``,
+    * ``jdoe`` has write-level access (``SELECT``, ``INSERT``, ``UPDATE``, ``DELETE``,
       ``REFERENCES``, and ``TRIGGER``) to all tables in the ``reports`` schema
     * ``jdoe`` has default privileges to write to all future tables created in the ``reports`` schema
     * ``jdoe`` has write-level access (``SELECT``, ``USAGE``, ``UPDATE``) to all sequences in the

diff --git a/docs/project_goals.rst b/docs/project_goals.rst
@@ -7,7 +7,7 @@ pgbedrock was created with several goals in mind:
      pgbedrock simplifies object access down to read vs. write.  As a result, an administrator
      doesn't need to know that within Postgres 'read' access is really ``SELECT`` for tables but
      ``USAGE`` for schemas, or that write access for schemas means ``CREATE`` but for tables it is a
-     combination of ``INSERT``, ``UPDATE``, ``DELETE``, ``TRUNCATE``, ``REFERENCES``, and
+     combination of ``INSERT``, ``UPDATE``, ``DELETE``, ``REFERENCES``, and
      ``TRIGGER``.
 
 #. **Co-locate all config.**

diff --git a/pgbedrock/__init__.py b/pgbedrock/__init__.py
@@ -1,2 +1,2 @@
-__version__ = '0.6.0'
+__version__ = '0.7.0'
 LOG_FORMAT = '%(levelname)s:%(filename)s:%(funcName)s:%(lineno)s - %(message)s'
diff --git a/pgbedrock/context.py b/pgbedrock/context.py
@@ -226,7 +226,7 @@
 PRIVILEGE_MAP = {
     'tables':
         {'read':  ('SELECT', ),
-         'write': ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER')
+         'write': ('INSERT', 'UPDATE', 'DELETE', 'REFERENCES', 'TRIGGER')
          },
     'sequences':
         {'read':  ('SELECT', ),