Home > mailing lists

column-level update privs + lock table - Mailing list pgsql-general

From	Josh Kupershmidt
Subject	column-level update privs + lock table
Date	October 7, 2010 23:43:51
Msg-id	AANLkTimVe-V4rbnJa-QTAnz-703vCUEH9tMd9g6VbXAj@mail.gmail.com Whole thread Raw
Responses	Re: column-level update privs + lock table (Josh Kupershmidt <schmiddy@gmail.com>)
List	pgsql-general

Tree view

Hi all,

I noticed that granting a user column-level update privileges doesn't
allow that user to issue LOCK TABLE with any mode other than Access
Share.

The documentation page for LOCK TABLE claims: "All other forms of LOCK
require at least one of UPDATE, DELETE, or TRUNCATE privileges.", and
I don't see a good reason why column-level privileges shouldn't be
enough to let the user use LOCK TABLE. Is this just an oversight?

Example below:

  CREATE ROLE unpriv WITH LOGIN;
  CREATE TABLE bar (id int primary key, comment text);
  GRANT SELECT ON bar TO unpriv;
  GRANT SELECT, UPDATE (comment) ON TABLE bar TO unpriv;

and then, as user "unpriv":

  BEGIN;
  LOCK TABLE bar IN ROW SHARE MODE;
  COMMIT;

Josh

pgsql-general by date:

From: Raymond O'Donnell
Date: 07 October 2010, 22:22:49
Subject: Re: [Slony1-general] [ANNOUNCE] Slony-I 2.0.5 Released

From: Craig Ringer
Date: 08 October 2010, 02:18:02
Subject: Re: postgreSQL for Windows 7

column-level update privs + lock table - Mailing list pgsql-general

Previous

Next