* Craig Ringer (craig@postnewspapers.com.au) wrote:
> The issue with column privs is that Hibernate lists all columns, even
> ones it hasn't set or altered, in the INSERT and UPDATE statements it
> issues. Column privileges are checked based on the INSERT or UPDATE
> column list, not the actual values being changed, so even:
[excellent description cut]
This begs the question of if this is something PG should just allow
rather than denying the update. Can you clarify exactly what hibernate
does? Does it do:
#1: update x set col1 = col1 where pk = 'a';
Or does it do:
#2: update x set col1 = 'abc' where pk = 'a';
(where 'abc' happens to be the value of col1 in the database for
pk = 'a')?
It might be possible to ignore/optimize/whatever #1, perhaps, but
there's really nothing we could do about #2. If it's #1, do other
databases which support column-level privs ignore those, or do they deny
the update like PG does today?
Thanks,
Stephen
