Rod Taylor wrote:
> By allowing the user a where clause you grant them select privileges.
> You will find that delete works the same way.
>
> This is one of those times when per column permissions are useful. You
> could grant them select access on the "name" column but not the "salary"
> column.
If I understand clearly, the patch he posted modified things so that if
the user issued an UPDATE command, the SELECT permission was required as
well. Thus a user with UPDATE privileges but no SELECT was not allowed
to execute the UPDATE command.
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
