"Eugene E." <[EMAIL PROTECTED]> writes:
> db=# REVOKE all ON t FROM u;
> db=# GRANT update,insert,delete ON t TO u;
> db=# \c - u
> db=> INSERT INTO t VALUES (1,'x');
> INSERT
> db=> UPDATE t SET a='y' WHERE i=1;
> ERROR: Permission denied for relation t;
> db=> UPDATE t SET a='y';
> UPDATE
This behavior is correct and as documented in the UPDATE reference page:
You must have the UPDATE privilege on the table to update it, as
well as the SELECT privilege to any table whose values are read
in the expressions or condition.
The use of "i" in the WHERE clause is what causes SELECT privilege to be
needed.
If we had per-column privileges then we could be finer-grained about it,
but we don't (yet).
> Please examine the following patch and make your judgment:
This patch is so wrong it's not even worth discussing :-(
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org
