Am Freitag, 2. Juli 2004 13:20 schrieb Ilir Gashi:
> CREATE TABLE TEST(ID INTEGER,NAME VARCHAR(50));
> INSERT INTO TEST (ID) VALUES (1);
> GRANT UPDATE ON TEST TO TESTUSER;
> Connect as TestUser;
> UPDATE TEST SET NAME='TEST' WHERE ID=1;
> ERROR: test: Permission denied.
> UPDATE TEST SET NAME='TEST';
> Executes successfully.
According to the letter of the SQL standard, this behavior is not conforming.
But PostgreSQL enforces that you need SELECT privilege for columns that you
read for the purpose of performing an UPDATE. The reason is that otherwise
you could infer a great deal about the data in the table by just looking at
the update count.
In response to
pgsql-bugs by date
|Next:||From: Tom Lane||Date: 2004-07-02 14:04:57|
|Subject: Re: Grant Update (Possible bug)? |
|Previous:||From: Peter Eisentraut||Date: 2004-07-02 13:56:18|
|Subject: Re: Possible bug?|