KaiGai Kohei wrote:
> * ACL_SELECT_FOR_UPDATE has same value with ACL_UPDATE, so SE-PostgreSQL
> checks db_table:{update} permission on SELECT ... FOR SHARE OF,
> instead of db_table:{lock} permission.
This again falls into the category of trying to have more fine-grained
permissions than vanilla PostgreSQL has. Just give up on the lock
permission, and let it check update permission instead. Yes, it can be
annoying that you need update-permission to do SELECT FOR SHARE, but
that's an existing problem and not in scope for this patch.
-- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com