[BUGS] BUG #8512: Can't use columns I can't read in the where clause of a select

2013-10-08 Thread kurt
The following bug has been logged on the website:

Bug reference:  8512
Logged by:  Kurt Roeckx
Email address:  k...@roeckx.be
PostgreSQL version: 9.0.6
Operating system:   Linux
Description:

Hi,


When I read the documentation for GRANT, I see:
SELECT


Allows SELECT from any column, or the specific columns listed, of the
specified table, view, or sequence. Also allows the use of COPY TO. This
privilege is also needed to reference existing column values in UPDATE or
DELETE.


I read that as SELECT field1 from table where field2 = 1 should work if I
have grant select(field1), but not on field2.  I'm getting a permission
denied.  If I remove the where clause it of course works.


I'm not sure if the behaviour is expected or not.  Maybe I'm reading the
documentation wrong, or maybe the documentation is just wrong.  Could
someone please clarify?




Kurt






Re: [BUGS] BUG #8512: Can't use columns I can't read in the where clause of a select

2013-10-08 Thread Stephen Frost
* k...@roeckx.be (k...@roeckx.be) wrote:
> Allows SELECT from any column, or the specific columns listed, of the
> specified table, view, or sequence. Also allows the use of COPY TO. This
> privilege is also needed to reference existing column values in UPDATE or
> DELETE.
>
>
> I read that as SELECT field1 from table where field2 = 1 should work if I
> have grant select(field1), but not on field2.  I'm getting a permission
> denied.  If I remove the where clause it of course works.

You have to have SELECT rights on a column to be able to use it in a
conditional (eg: with WHERE).

> I'm not sure if the behaviour is expected or not.  Maybe I'm reading the
> documentation wrong, or maybe the documentation is just wrong.  Could
> someone please clarify?

It's expected.  The documentation could perhaps be improved, but the
second sentence (This privilege is also needed..) is intended to cover
the case where the column is being referred to *anywhere* in the query,
basically, and that applies to SELECT as much as UPDATE or DELETE.

Thanks,

Stephen


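The behaviour discussed in this thread, reproduced as an added example that is not part of the original messages. The table `t`, the role `reader` and the view `t_field2_is_1` are constructed names, and the script assumes it is run in psql by a superuser in a scratch database.

```sql
-- Constructed schema: reader is granted SELECT on field1 only.
CREATE TABLE t (field1 integer, field2 integer);
INSERT INTO t VALUES (10, 1), (20, 2);

CREATE ROLE reader;
GRANT SELECT (field1) ON t TO reader;

-- Audit check: which columns may the role reference at all?
SELECT has_column_privilege('reader', 't', 'field1', 'SELECT') AS can_field1,
       has_column_privilege('reader', 't', 'field2', 'SELECT') AS can_field2;

SET ROLE reader;

-- Works: only field1 is referenced.
SELECT field1 FROM t;

-- Both fail with "permission denied": field2 is referenced in the query,
-- even though it is never returned. If these were allowed, the role could
-- recover field2 values by probing with predicates or by observing row order.
SELECT field1 FROM t WHERE field2 = 1;
SELECT field1 FROM t ORDER BY field2;

RESET ROLE;

-- If the role needs exactly one fixed filter, the table owner can put the
-- predicate in a view and grant the view instead of the column. The view
-- reads t with its owner's privileges, so reader never needs SELECT on field2.
CREATE VIEW t_field2_is_1 AS
    SELECT field1 FROM t WHERE field2 = 1;
GRANT SELECT ON t_field2_is_1 TO reader;

SET ROLE reader;
SELECT field1 FROM t_field2_is_1;   -- returns the row with field1 = 10
RESET ROLE;

-- Clean up the constructed objects.
DROP VIEW t_field2_is_1;
DROP TABLE t;
DROP ROLE reader;
```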