Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> The real problem is that a MERGE ... DO NOTHING action reports that no
> permissions need to be checked on the target relation, which is not a
> problem when there are other actions in the MERGE command since they add
> privs to check. When DO NOTHING is the only action, the added assert in
> a61b1f748 is triggered.
> So, this means we can fix this by simply requiring ACL_SELECT privileges
> on a DO NOTHING action. We don't need to request specific privileges on
> any particular column (perminfo->selectedCols continues to be the empty
> set) -- which means that any role that has privileges on *any* column
> would get a pass. If you're doing MERGE with any other action besides
> DO NOTHING, you already have privileges on at least some column, so
> adding ACL_SELECT breaks nothing.
LGTM.
regards, tom lane