[EMAIL PROTECTED] writes: > In my hands it looks like a user with INSERT/DELETE/UPDATE rights on table1 > cannot do "update table1 set field1=xx where field2=yy" without also being > granted select rights. However, the user can do "update table1 set field1=xx". > Is this right?
Yes. Otherwise you can use UPDATEs to infer something about the content of the table, eg do update table1 set field1 = field1 where field2 = yy and note the result count to find out whether there are any rows with field2 = yy. If you didn't give the other guy SELECT rights then presumably you do not want him to be able to infer any such thing. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]