yazicivo@ttmail.com (Volkan =?utf-8?B?WWF6xLFjxLE=?=) writes:
> On Tue, 27 May 2008, Tom Lane <tgl@sss.pgh.pa.us> writes:
>> You don't have SELECT privilege, which is required to read any of the
>> columns in the WHERE clause.
> As far as I tested, even
> DELETE FROM foo;
> UPDATE foo SET bar = NULL;
> commands _require_ SELECT permissions.
Well, you tested wrong then. It works as expected for me, which is
that you need SELECT if the query involves fetching any existing
column value:
regression=# create user joe;
CREATE ROLE
regression=# create table foo (f1 int, f2 int);
CREATE TABLE
regression=# grant delete , update on table foo to joe;
GRANT
regression=# \c - joe
You are now connected to database "regression" as user "joe".
regression=> update foo set f1 = null;
UPDATE 0
regression=> update foo set f1 = f2;
ERROR: permission denied for relation foo
regression=> delete from foo;
DELETE 0
regression=> delete from foo where f1 = 42;
ERROR: permission denied for relation foo
regression=>
regards, tom lane