Re: Updates of SE-PostgreSQL 8.4devel patches (r1710)

KaiGai Kohei wrote:
>  * ACL_SELECT_FOR_UPDATE has same value with ACL_UPDATE, so SE-PostgreSQL
>    checks db_table:{update} permission on SELECT ... FOR SHARE OF,
>    instead of db_table:{lock} permission.

This again falls into the category of trying to have more fine-grained 
permissions than vanilla PostgreSQL has. Just give up on the lock 
permission, and let it check update permission instead. Yes, it can be 
annoying that you need update-permission to do SELECT FOR SHARE, but 
that's an existing problem and not in scope for this patch.

--   Heikki Linnakangas  EnterpriseDB   http://www.enterprisedb.com