Hi,

I rarely use GRANT -- nearly once every 1-2 years -- and every time I
forget this small detail: DELETE/INSERT/UPDATE privileges require SELECT
privilege also.

On Tue, 27 May 2008, Tom Lane <tgl@xxxxxxxxxxxxx> writes:
> You don't have SELECT privilege, which is required to read any of the
> columns in the WHERE clause.

As far as I tested, even

  DELETE FROM foo;
  UPDATE foo SET bar = NULL;

commands _require_ SELECT permissions.

> (Not sure if this is explained anywhere in our manual :-(, but the
> behavior is required by SQL spec.)

Would the attached patch be a first step for that purpose?

Regards.
Index: doc/src/sgml/ref/grant.sgml =================================================================== RCS file: /projects/cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v retrieving revision 1.68 diff -u -r1.68 grant.sgml --- doc/src/sgml/ref/grant.sgml 5 May 2008 01:21:03 -0000 1.68 +++ doc/src/sgml/ref/grant.sgml 27 May 2008 17:21:31 -0000 @@ -461,6 +461,14 @@ access privileges display. A <literal>*</> will appear only when grant options have been explicitly granted to someone. </para> + + <para> + It must also be noted that <term>INSERT</term>, <term>UPDATE</term> + and <term>DELETE</term> priviliges require <term>SELECT</term> + privilege to be able to scan related table to locate about to be + updated rows on the table. Usage of these permissions without an + appropriate <term>SELECT</term> privilege will raise a permission error. + </para> </refsect1> <refsect1 id="sql-grant-examples">
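Review bot: The added paragraph lists INSERT alongside UPDATE and DELETE, but the reason it gives ("to locate about to be updated rows") only describes commands that read existing rows, and the tests reported in the message cover only DELETE and UPDATE; either drop INSERT or state separately why it would need SELECT. The rationale should also line up with the quoted explanation that SELECT is required to read the columns in the WHERE clause, and say explicitly whether the unqualified forms are affected. Two smaller points in the same paragraph: "priviliges" should be "privileges", and the privilege names are wrapped in <term>, while the context line just above marks inline text with <literal>; <literal>SELECT</literal> would be consistent with it.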