cpp(at)world-online(dot)no writes:
> In my hands it looks like a user with INSERT/DELETE/UPDATE rights on table1
> cannot do "update table1 set field1=xx where field2=yy" without also being
> granted select rights. However, the user can do "update table1 set field1=xx".
> Is this right?
Yes. Otherwise you can use UPDATEs to infer something about the content
of the table, eg do
update table1 set field1 = field1 where field2 = yy
and note the result count to find out whether there are any rows with
field2 = yy. If you didn't give the other guy SELECT rights then
presumably you do not want him to be able to infer any such thing.
regards, tom lane