| From: | Dominique Devienne <ddevienne(at)gmail(dot)com> |
|---|---|
| To: | Guillaume Lelarge <guillaume(dot)lelarge(at)dalibo(dot)com> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function |
| Date: | 2025-07-31 11:37:37 |
| Message-ID: | CAFCRh--tSWRRCMvtSovtRDX1wce5KCOutaDRBD5JKWb9atLC_w@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Jul 31, 2025 at 11:35 AM Guillaume Lelarge
<guillaume(dot)lelarge(at)dalibo(dot)com> wrote:
> On 31/07/2025 10:41, Dominique Devienne wrote:
> > On Wed, Jul 30, 2025 at 9:42 PM Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> wrote:
> > how can has_table_privilege() "lie" like this?
>
> It doesn't lie. The role has DELETE privilege. I guess what it lacks is
> the SELECT privilege. If you do a "DELETE FROM ... WHERE ...", you need
> the SELECT privilege to perform the WHERE. Without "WHERE ...", it would
> work without the SELECT privilege.
Right on the money! Merci Guillaume!!! --DD
PQ: NOTICE: can DELETE = t
PQ: NOTICE: can SELECT = f
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dominique Devienne | 2025-07-31 12:34:47 | Re: Yet more ROLE changes in v18 beta1??? |
| Previous Message | Guillaume Lelarge | 2025-07-31 09:35:05 | Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function |