Re: Column-Level Privileges

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> ... btw, what is the reasoning behind the special cases for SELECT FOR
> UPDATE in execMain.c?

Basically, because the original logic allowed SELECT-FOR-UPDATE if you
only had SELECT rights, which wasn't right.

> If there actually is a need to treat SELECT FOR UPDATE specially, then
> this code is quite wrong because it will also fire on a plain UPDATE
> (assuming the UPDATE reads any existing column values, which it usually
> would).  Offhand though I don't see why we can't just use code that is
> symmetric with the SELECT case: if requiredPerms includes UPDATE but
> there are no columns called out for UPDATE, then allow it if we have
> UPDATE on any column.

I agree, this makes alot more sense to me.
Thanks,
    Stephen