Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function - Mailing list pgsql-general

From Dominique Devienne
Subject Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function
Date
Msg-id CAFCRh-_+=xT4oj2NgVd8+n_hECFqkKzHTRbsito89P=o8oG4TA@mail.gmail.com
In response to Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function
List pgsql-general
On Thu, Jul 31, 2025 at 4:11 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Dominique Devienne <ddevienne@gmail.com> writes:
> > On Thu, Jul 31, 2025 at 11:35 AM Guillaume Lelarge
> > <guillaume.lelarge@dalibo.com> wrote:
> >> It doesn't lie. The role has DELETE privilege. I guess what it lacks is
> >> the SELECT privilege. If you do a "DELETE FROM ... WHERE ...", you need
> >> the SELECT privilege to perform the WHERE. Without "WHERE ...", it would
> >> work without the SELECT privilege.
>
> > Right on the money! Merci Guillaume!!! --DD
>
> So the real problem here is that the "permission denied" error message
> doesn't tell you which permission you lack.  I think we've had prior
> discussions about improving that, but it never got done.

Indeed, a hint would have helped I'm sure.

But also, it's weird DELETE allows you to delete all rows.
Yet prevents you from deleting just one, i.e. a subset.
I get it, a WHERE needs to read, so needs SELECT.
Still, it obviously tripped me up here. And it's my bad.
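
The privilege behavior discussed in this message, as an added example that is not part of the original post: a role holding only DELETE is rejected on a DELETE with a WHERE clause until it can read the column used in the condition. The table `demo_items` and the role `demo_deleter` are hypothetical names, and the script assumes a superuser session in a scratch database.

```sql
-- Added illustration. demo_items and demo_deleter are hypothetical names.
-- Assumes a superuser session in a scratch database; nothing persists.
BEGIN;

CREATE ROLE demo_deleter NOLOGIN;
CREATE TABLE demo_items (id int PRIMARY KEY, payload text);
INSERT INTO demo_items VALUES (1, 'a'), (2, 'b'), (3, 'c');  -- constructed rows

-- Least-privilege starting point: DELETE only, no SELECT.
GRANT DELETE ON demo_items TO demo_deleter;

SET LOCAL ROLE demo_deleter;

-- Ask the catalog which privilege is missing, since the error text does not say.
SELECT has_table_privilege('demo_items', 'DELETE')        AS can_delete,
       has_column_privilege('demo_items', 'id', 'SELECT') AS can_read_id;

-- The WHERE clause reads id, which needs SELECT: rejected with "permission denied".
SAVEPOINT before_filtered_delete;
DELETE FROM demo_items WHERE id = 1;
ROLLBACK TO SAVEPOINT before_filtered_delete;

-- No column is read here, so DELETE alone is sufficient and every row goes.
SAVEPOINT before_full_delete;
DELETE FROM demo_items;
ROLLBACK TO SAVEPOINT before_full_delete;

-- Grant read access to the predicate column only, not the whole table.
RESET ROLE;
GRANT SELECT (id) ON demo_items TO demo_deleter;
SET LOCAL ROLE demo_deleter;

-- Same statement as before; it is now permitted.
DELETE FROM demo_items WHERE id = 1;

-- payload is still unreadable to this role.
SELECT has_column_privilege('demo_items', 'payload', 'SELECT') AS can_read_payload;

ROLLBACK;
```

Run it in psql with ON_ERROR_STOP left at its default (off) so the script continues past the expected error.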


