Bruce Momjian <[EMAIL PROTECTED]> writes:
>> I'm fairly sure that lots and lots of people use postgresql, and very few
>> of them run 7.x, how many of them know that a grant update also grants
>> delete and vice-versa?
> That is the issue? That UPDATE grants DELETE? I can UPDATE all fields
> to NULL, and that is pretty much the same as DELETE. We can easily add
> documentation on that "feature".

If you read between the lines of the GRANT reference page, it's apparent
that UPDATE and DELETE are the same privilege (since the \z display
doesn't distinguish them); but I agree the page ought to say so
explicitly. It should also mention that UPDATE privilege automatically
gives INSERT privilege.

I'm having a hard time getting as worked up as Jerome is about the
notion that UPDATE and DELETE need to be separate privileges. It's
certainly not a "critical security bug" as he alleges; it looks to me
like a feature addition, and a fairly useless one at that.

Looking at the original patch, I do see one or two items that we ought
to apply; for example, I agree with him that an inbound COPY ought to
require APPEND rather than UPDATE privilege. However, that sort of
fine-tuning could perhaps be left for the general overhaul of ACLs
that Peter and Karel have been talking about.

regards, tom lane