Thread: column-level update privs + lock table
Hi all,

I noticed that granting a user column-level update privileges doesn't allow that user to issue LOCK TABLE with any mode other than Access Share.

The documentation page for LOCK TABLE claims: "All other forms of LOCK require at least one of UPDATE, DELETE, or TRUNCATE privileges.", and I don't see a good reason why column-level privileges shouldn't be enough to let the user use LOCK TABLE. Is this just an oversight?

Example below:

    CREATE ROLE unpriv WITH LOGIN;
    CREATE TABLE bar (id int primary key, comment text);
    GRANT SELECT ON bar TO unpriv;
    GRANT SELECT, UPDATE (comment) ON TABLE bar TO unpriv;

and then, as user "unpriv":

    BEGIN;
    LOCK TABLE bar IN ROW SHARE MODE;
    COMMIT;

Josh

On Thu, Oct 7, 2010 at 7:43 PM, Josh Kupershmidt <schmiddy@gmail.com> wrote:
> I noticed that granting a user column-level update privileges doesn't
> allow that user to issue LOCK TABLE with any mode other than Access
> Share.

Anyone think this could be added as a TODO?

Josh

On Mon, 2010-10-11 at 09:41 -0400, Josh Kupershmidt wrote:
> On Thu, Oct 7, 2010 at 7:43 PM, Josh Kupershmidt <schmiddy@gmail.com> wrote:
>
> > I noticed that granting a user column-level update privileges doesn't
> > allow that user to issue LOCK TABLE with any mode other than Access
> > Share.
>
> Anyone think this could be added as a TODO?

Seems so to me, but you raise on Hackers.

--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Training and Services