Re: Column-Level Privileges

... btw, what is the reasoning behind the special cases for SELECT FOR
UPDATE in execMain.c?
                   /* Check if this is SELECT-FOR-UPDATE and handle                    * accordingly. */
  if(remainingPerms & ACL_UPDATE &&                           pg_attribute_aclcheck_all(relOid, userid,
                ACL_UPDATE, ACLMASK_ALL) != ACLCHECK_OK)                       aclcheck_error(ACLCHECK_NO_PRIV,
ACL_KIND_CLASS,                                     get_rel_name(relOid));
 

If there actually is a need to treat SELECT FOR UPDATE specially, then
this code is quite wrong because it will also fire on a plain UPDATE
(assuming the UPDATE reads any existing column values, which it usually
would).  Offhand though I don't see why we can't just use code that is
symmetric with the SELECT case: if requiredPerms includes UPDATE but
there are no columns called out for UPDATE, then allow it if we have
UPDATE on any column.
        regards, tom lane