Re: Permission to Select

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Eugene E(dot)" <sad(at)bankir(dot)ru>
Cc: pgsql-sql(at)postgresql(dot)org
Subject: Re: Permission to Select
Date: 2006-03-13 15:27:27
Message-ID: 7412.1142263647@sss.pgh.pa.us
Lists: pgsql-sql

"Eugene E." <sad(at)bankir(dot)ru> writes:
> db=# REVOKE all ON t FROM u;
> db=# GRANT update,insert,delete ON t TO u;
> db=# \c - u

> db=> INSERT INTO t VALUES (1,'x');
> INSERT
> db=> UPDATE t SET a='y' WHERE i=1;
> ERROR: Permission denied for relation t;
> db=> UPDATE t SET a='y';
> UPDATE

This behavior is correct and as documented in the UPDATE reference page:

    You must have the UPDATE privilege on the table to update it, as
    well as the SELECT privilege to any table whose values are read
    in the expressions or condition.

The use of "i" in the WHERE clause is what causes SELECT privilege to be
needed.

If we had per-column privileges then we could be finer-grained about it,
but we don't (yet).

> Please examine the following patch and make your judgment:

This patch is so wrong it's not even worth discussing :-(

regards, tom lane
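
Added example, not part of the original message: the privilege rule quoted above, reproduced with the names from the quoted session (t, i, a, u), plus a least-privilege grant on the single column the WHERE clause reads. It assumes a scratch database, a superuser session, and PostgreSQL 8.4 or later, where column-level GRANT exists.

```sql
-- Added example. Table t, columns i/a and role u mirror the quoted session.
-- Assumptions: scratch database, superuser session, PostgreSQL 8.4+.
CREATE ROLE u;
CREATE TABLE t (i integer PRIMARY KEY, a text);
REVOKE ALL ON t FROM u;
GRANT INSERT, UPDATE, DELETE ON t TO u;

-- State from the quoted session: write privileges, no read privilege.
SELECT has_table_privilege('u', 't', 'UPDATE')       AS can_update,
       has_table_privilege('u', 't', 'SELECT')       AS can_select_table,
       has_column_privilege('u', 't', 'i', 'SELECT') AS can_read_i;

SET ROLE u;
INSERT INTO t VALUES (1, 'x');
UPDATE t SET a = 'y';              -- reads no column, so UPDATE alone is enough
RESET ROLE;

-- Least-privilege fix: allow u to read only the column used in the condition.
GRANT SELECT (i) ON t TO u;

SET ROLE u;
UPDATE t SET a = 'z' WHERE i = 1;  -- the WHERE clause reads i, covered by SELECT (i)
RESET ROLE;

-- Column a was not granted, so expressions that read it still need SELECT.
SELECT has_column_privilege('u', 't', 'i', 'SELECT') AS can_read_i,
       has_column_privilege('u', 't', 'a', 'SELECT') AS can_read_a;

-- Audit: grantees holding table-level UPDATE on t without table-level SELECT.
SELECT grantee FROM information_schema.table_privileges
 WHERE table_name = 't' AND privilege_type = 'UPDATE'
EXCEPT
SELECT grantee FROM information_schema.table_privileges
 WHERE table_name = 't' AND privilege_type = 'SELECT';

-- Cleanup of the constructed objects.
DROP TABLE t;
DROP ROLE u;
```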
