Hi all, I noticed that granting a user column-level update privileges doesn't allow that user to issue LOCK TABLE with any mode other than Access Share. The documentation page for LOCK TABLE claims: "All other forms of LOCK require at least one of UPDATE, DELETE, or TRUNCATE privileges.", and I don't see a good reason why column-level privileges shouldn't be enough to let the user use LOCK TABLE. Is this just an oversight? Example below: CREATE ROLE unpriv WITH LOGIN; CREATE TABLE bar (id int primary key, comment text); GRANT SELECT ON bar TO unpriv; GRANT SELECT, UPDATE (comment) ON TABLE bar TO unpriv; and then, as user "unpriv": BEGIN; LOCK TABLE bar IN ROW SHARE MODE; COMMIT; Josh -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
