yazicivo@xxxxxxxxxx (Volkan =?utf-8?B?WWF6xLFjxLE=?=) writes: > On Tue, 27 May 2008, Tom Lane <tgl@xxxxxxxxxxxxx> writes: >> You don't have SELECT privilege, which is required to read any of the >> columns in the WHERE clause. > As far as I tested, even > DELETE FROM foo; > UPDATE foo SET bar = NULL; > commands _require_ SELECT permissions. Well, you tested wrong then. It works as expected for me, which is that you need SELECT if the query involves fetching any existing column value: regression=# create user joe; CREATE ROLE regression=# create table foo (f1 int, f2 int); CREATE TABLE regression=# grant delete , update on table foo to joe; GRANT regression=# \c - joe You are now connected to database "regression" as user "joe". regression=> update foo set f1 = null; UPDATE 0 regression=> update foo set f1 = f2; ERROR: permission denied for relation foo regression=> delete from foo; DELETE 0 regression=> delete from foo where f1 = 42; ERROR: permission denied for relation foo regression=> regards, tom lane
