* Craig Ringer (craig@xxxxxxxxxxxxxxxxxxxxx) wrote: > The issue with column privs is that Hibernate lists all columns, even > ones it hasn't set or altered, in the INSERT and UPDATE statements it > issues. Column privileges are checked based on the INSERT or UPDATE > column list, not the actual values being changed, so even: [excellent description cut] This begs the question of if this is something PG should just allow rather than denying the update. Can you clarify exactly what hibernate does? Does it do: #1: update x set col1 = col1 where pk = 'a'; Or does it do: #2: update x set col1 = 'abc' where pk = 'a'; (where 'abc' happens to be the value of col1 in the database for pk = 'a')? It might be possible to ignore/optimize/whatever #1, perhaps, but there's really nothing we could do about #2. If it's #1, do other databases which support column-level privs ignore those, or do they deny the update like PG does today? Thanks, Stephen
Attachment:
signature.asc
Description: Digital signature
