Skip site navigation (1) Skip section navigation (2)

Re: Grant Update (Possible bug)?

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Ilir Gashi <I(dot)Gashi(at)city(dot)ac(dot)uk>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: Grant Update (Possible bug)?
Date: 2004-07-02 14:01:26
Message-ID: 200407021601.26127.peter_e@gmx.net (view raw or flat)
Thread:
Lists: pgsql-bugs
Am Freitag, 2. Juli 2004 13:20 schrieb Ilir Gashi:
> CREATE TABLE TEST(ID INTEGER,NAME VARCHAR(50));
> INSERT INTO TEST (ID) VALUES (1);
> GRANT UPDATE ON TEST TO TESTUSER;
> Connect as TestUser;
> UPDATE TEST SET NAME='TEST' WHERE ID=1;
> ERROR:  test: Permission denied.
> UPDATE TEST SET NAME='TEST';
> Executes successfully.

According to the letter of the SQL standard, this behavior is not conforming.  
But PostgreSQL enforces that you need SELECT privilege for columns that you 
read for the purpose of performing an UPDATE.  The reason is that otherwise 
you could infer a great deal about the data in the table by just looking at 
the update count.

In response to

Responses

pgsql-bugs by date

Next:From: Tom LaneDate: 2004-07-02 14:04:57
Subject: Re: Grant Update (Possible bug)?
Previous:From: Peter EisentrautDate: 2004-07-02 13:56:18
Subject: Re: Possible bug?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group