Thomas Nyberg <twn@thomasnyberg.com> writes:
> Or put another way, does an EXPLAIN UPDATE on a table really require
> UPDATE permissions to run? Why can't it be done without UPDATE
> permissions?
IIRC, the reasoning is this: should you be allowed to run an EXPLAIN
on a table that you have no permissions for at all? We've felt that
the answer to that has to be "no". An example of why not is that
EXPLAIN must take at least a shared lock on the table, which should
not be allowed to someone without any permissions.
Having decided that, the next question is what permissions are enough,
and we've concluded that "the same as it'd take to actually run the
query" is a perfectly appropriate answer. That in turn lets us
decide that "what strength of table lock should be taken?" can be
answered the same for EXPLAIN as for the underlying query. This
simplifies life by not requiring there to be different code paths
for EXPLAIN and normal query running in various places.
regards, tom lane