"Eugene E." <sad@bankir.ru> writes:
> db=# REVOKE all ON t FROM u;
> db=# GRANT update,insert,delete ON t TO u;
> db=# \c - u
> db=> INSERT INTO t VALUES (1,'x');
> INSERT
> db=> UPDATE t SET a='y' WHERE i=1;
> ERROR: Permission denied for relation t;
> db=> UPDATE t SET a='y';
> UPDATE
This behavior is correct and as documented in the UPDATE reference page:
You must have the UPDATE privilege on the table to update it, aswell as the SELECT privilege to any table whose values
arereadin the expressions or condition.
The use of "i" in the WHERE clause is what causes SELECT privilege to be
needed.
If we had per-column privileges then we could be finer-grained about it,
but we don't (yet).
> Please examine the following patch and make your judgment:
This patch is so wrong it's not even worth discussing :-(
regards, tom lane