| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | yazicivo(at)ttmail(dot)com (Volkan =?utf-8?B?WWF6xLFjxLE=?=) |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Permission Problem for DELETE |
| Date: | 2008-05-27 17:44:30 |
| Message-ID: | 6382.1211910270@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
yazicivo(at)ttmail(dot)com (Volkan =?utf-8?B?WWF6xLFjxLE=?=) writes:
> On Tue, 27 May 2008, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
>> You don't have SELECT privilege, which is required to read any of the
>> columns in the WHERE clause.
> As far as I tested, even
> DELETE FROM foo;
> UPDATE foo SET bar = NULL;
> commands _require_ SELECT permissions.
Well, you tested wrong then. It works as expected for me, which is
that you need SELECT if the query involves fetching any existing
column value:
regression=# create user joe;
CREATE ROLE
regression=# create table foo (f1 int, f2 int);
CREATE TABLE
regression=# grant delete , update on table foo to joe;
GRANT
regression=# \c - joe
You are now connected to database "regression" as user "joe".
regression=> update foo set f1 = null;
UPDATE 0
regression=> update foo set f1 = f2;
ERROR: permission denied for relation foo
regression=> delete from foo;
DELETE 0
regression=> delete from foo where f1 = 42;
ERROR: permission denied for relation foo
regression=>
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | J. Manuel Velasco | 2008-05-27 18:01:27 | HELP with a query with blank fields |
| Previous Message | Merlin Moncure | 2008-05-27 17:38:14 | Re: array of composite types to refcusor |