Hi all,
I noticed that granting a user column-level update privileges doesn't
allow that user to issue LOCK TABLE with any mode other than Access
Share.
The documentation page for LOCK TABLE claims: "All other forms of LOCK
require at least one of UPDATE, DELETE, or TRUNCATE privileges.", and
I don't see a good reason why column-level privileges shouldn't be
enough to let the user use LOCK TABLE. Is this just an oversight?
Example below:
CREATE ROLE unpriv WITH LOGIN;
CREATE TABLE bar (id int primary key, comment text);
GRANT SELECT ON bar TO unpriv;
GRANT SELECT, UPDATE (comment) ON TABLE bar TO unpriv;
and then, as user "unpriv":
BEGIN;
LOCK TABLE bar IN ROW SHARE MODE;
COMMIT;
Josh