On 2024-Feb-20, Tom Lane wrote:
> > So, this means we can fix this by simply requiring ACL_SELECT privileges
> > on a DO NOTHING action. We don't need to request specific privileges on
> > any particular column (perminfo->selectedCols continues to be the empty
> > set) -- which means that any role that has privileges on *any* column
> > would get a pass.
>
> LGTM.
Thanks for looking!
After having pushed that, I wonder if we should document this. It seems
quite the minor thing, but I'm sure somebody will complain if we don't.
I propose the attached. (Extra context so that the full paragraph can
be read from the comfort of your email program.)
(While at it, I found the placement of the previous-to-last sentence in
that paragraph rather strange, so I moved it to the end.)
--
Álvaro Herrera 48°01'N 7°57'E — https://www.EnterpriseDB.com/
"Sallah, I said NO camels! That's FIVE camels; can't you count?"
(Indiana Jones)