Home > mailing lists

Re: Grant Update (Possible bug)? - Mailing list pgsql-bugs

From	Peter Eisentraut
Subject	Re: Grant Update (Possible bug)?
Date	July 2, 2004 14:01:34
Msg-id	200407021601.26127.peter_e@gmx.net Whole thread Raw
In response to	Grant Update (Possible bug)? (Ilir Gashi <I.Gashi@city.ac.uk>)
Responses	Re: Grant Update (Possible bug)? (Peter Eisentraut <peter_e@gmx.net>) Re: Grant Update (Possible bug)? (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

Am Freitag, 2. Juli 2004 13:20 schrieb Ilir Gashi:
> CREATE TABLE TEST(ID INTEGER,NAME VARCHAR(50));
> INSERT INTO TEST (ID) VALUES (1);
> GRANT UPDATE ON TEST TO TESTUSER;
> Connect as TestUser;
> UPDATE TEST SET NAME='TEST' WHERE ID=1;
> ERROR:  test: Permission denied.
> UPDATE TEST SET NAME='TEST';
> Executes successfully.

According to the letter of the SQL standard, this behavior is not conforming.
But PostgreSQL enforces that you need SELECT privilege for columns that you
read for the purpose of performing an UPDATE.  The reason is that otherwise
you could infer a great deal about the data in the table by just looking at
the update count.

pgsql-bugs by date:

From: Peter Eisentraut
Date: 02 July 2004, 13:56:21
Subject: Re: Possible bug?

From: Tom Lane
Date: 02 July 2004, 14:04:58
Subject: Re: Grant Update (Possible bug)?

Re: Grant Update (Possible bug)? - Mailing list pgsql-bugs

Previous

Next