On 2024-Feb-20, Tom Lane wrote:

> > So, this means we can fix this by simply requiring ACL_SELECT privileges
> > on a DO NOTHING action.  We don't need to request specific privileges on
> > any particular column (perminfo->selectedCols continues to be the empty
> > set) -- which means that any role that has privileges on *any* column
> > would get a pass.
> 
> LGTM.

Thanks for looking!

After having pushed that, I wonder if we should document this.  It seems
quite the minor thing, but I'm sure somebody will complain if we don't.
I propose the attached.  (Extra context so that the full paragraph can
be read from the comfort of your email program.)

(While at it, I found the placement of the previous-to-last sentence in
that paragraph rather strange, so I moved it to the end.)

-- 
Álvaro Herrera               48°01'N 7°57'E  —  https://www.EnterpriseDB.com/
"Sallah, I said NO camels! That's FIVE camels; can't you count?"
(Indiana Jones)
diff --git a/doc/src/sgml/ref/merge.sgml b/doc/src/sgml/ref/merge.sgml
index 655f7dcc05..85938eda07 100644
--- a/doc/src/sgml/ref/merge.sgml
+++ b/doc/src/sgml/ref/merge.sgml
@@ -97,26 +97,29 @@ DELETE
   <para>
    There is no separate <literal>MERGE</literal> privilege.
    If you specify an update action, you must have the
    <literal>UPDATE</literal> privilege on the column(s)
    of the <replaceable class="parameter">target_table_name</replaceable>
    that are referred to in the <literal>SET</literal> clause.
    If you specify an insert action, you must have the <literal>INSERT</literal>
    privilege on the <replaceable class="parameter">target_table_name</replaceable>.
    If you specify a delete action, you must have the <literal>DELETE</literal>
    privilege on the <replaceable class="parameter">target_table_name</replaceable>.
-   Privileges are tested once at statement start and are checked
-   whether or not particular <literal>WHEN</literal> clauses are executed.
    You will require the <literal>SELECT</literal> privilege on any column(s)
    of the <replaceable class="parameter">data_source</replaceable> and
    <replaceable class="parameter">target_table_name</replaceable> referred to
-   in any <literal>condition</literal> or <literal>expression</literal>.
+   in any <literal>condition</literal> or <literal>expression</literal>;
+   in addition, if a <literal>DO NOTHING</literal> action is specified, you
+   will require the <literal>SELECT</literal> privilege on at least one column
+   of <replaceable class="parameter">target_table_name</replaceable>.
+   Privileges are tested once at statement start and are checked
+   whether or not particular <literal>WHEN</literal> clauses are executed.
   </para>
 
   <para>
    <command>MERGE</command> is not supported if the
    <replaceable class="parameter">target_table_name</replaceable> is a
    materialized view, foreign table, or if it has any
    rules defined on it.
   </para>
  </refsect1>
 
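Review bot: Minor consistency nit on the new sentence (`in addition, if a <literal>DO NOTHING</literal> action is specified, you will require the <literal>SELECT</literal> privilege on at least one column`): the paragraph states the UPDATE, INSERT and DELETE requirements as "you must have" but the SELECT requirements as "you will require", and since the DO NOTHING rule is an action-specific requirement like the other three it reads more naturally in the same "you must have" form; consider aligning the two phrasings while this paragraph is being touched. The substance of the addition matches what the quoted discussion describes (no particular column is requested, so SELECT on any single column of the target table satisfies the check), and the two relocated "Privileges are tested once at statement start" lines are a verbatim move, so the DO NOTHING clause is the only behavioural statement this hunk adds.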
