Home > mailing lists

Re: Need SELECT rights to UPDATE/DELETE WHERE? - Mailing list pgsql-sql

From	Tom Lane
Subject	Re: Need SELECT rights to UPDATE/DELETE WHERE?
Date	February 1, 2005 08:34:49
Msg-id	10344.1107236071@sss.pgh.pa.us Whole thread Raw
In response to	Need SELECT rights to UPDATE/DELETE WHERE? (cpp@world-online.no)
List	pgsql-sql

Tree view

cpp@world-online.no writes:
> In my hands it looks like a user with INSERT/DELETE/UPDATE rights on table1
> cannot do "update table1 set field1=xx where field2=yy" without also being
> granted select rights. However, the user can do "update table1 set field1=xx".
> Is this right?

Yes.  Otherwise you can use UPDATEs to infer something about the content
of the table, eg doupdate table1 set field1 = field1 where field2 = yy
and note the result count to find out whether there are any rows with
field2 = yy.  If you didn't give the other guy SELECT rights then
presumably you do not want him to be able to infer any such thing.
        regards, tom lane

pgsql-sql by date:

From: "Iain"
Date: 01 February 2005, 07:51:25
Subject: Re:

From: Achilleus Mantzios
Date: 01 February 2005, 10:28:33
Subject: Re: BLOBs vs BYTEA

Re: Need SELECT rights to UPDATE/DELETE WHERE? - Mailing list pgsql-sql

Previous

Next