Re[2]: postgres not use table access permissions ?

> Partyka Robert <bobson@saturn.alpha.pl> writes:
> > #create user bobson with password '1' nocreatedb nocreateuser;
> > CREATE
> > #create table a (a int4);
> > CREATE
> > #revoke all on a from public;
> > CHANGE
> > and now from user bobson after conecting to test database:
> > #insert into a values ('1');
> > INSERT 19104 1
> 
> > hmmm... looks like bug. Or I miss something?
> 
> Oops.  Strange though, this looks like it must be a very long-standing
> bug: aclinsert3 thinks it can delete any zero-permissions item from an
> ACL array, whereas aclcheck has a hard-wired assumption that the world
> item is always there.  Could we have missed this for this long?

In 6.5.3 I've found other strange thing. When I give user INSERT, UPDATE
permissions such user can do DELETE without DELETE permissions so in fact
if I do 
# grant UPDATE, INSERT, SELECT on a to user1;
it was treat as:
# grant UPDATE, INSERT, DELETE, SELECT on a to user1;

Today I want to test it on lastest CVS, but ... you know ;)

regards
Robert 'BoBsoN' Partyka