Re: Permission to Select

On Mon, 2006-03-13 at 10:46 -0400, Alvaro Herrera wrote:
> Rod Taylor wrote:
> 
> > By allowing the user a where clause you grant them select privileges.
> > You will find that delete works the same way.
> > 
> > This is one of those times when per column permissions are useful. You
> > could grant them select access on the "name" column but not the "salary"
> > column.
> 
> If I understand clearly, the patch he posted modified things so that if
> the user issued an UPDATE command, the SELECT permission was required as
> well.  Thus a user with UPDATE privileges but no SELECT was not allowed
> to execute the UPDATE command.

Okay, I got it backward. The exclamation mark behind the first point
made me think it was an issue.

What information can be retrieved from a structure by being able to
update all rows? You possibly find the range of values (max/min via
integer overflow) but still would not know which tuple is associated
with which value.


I don't have a use-case for update but the delete / insert combination
is quite handy for doing data resets from a host which should not be
able to retrieve the interim states.