|
[
Permalink
| « Hide
]
Dmitry Yemanov added a comment - 18/Jan/12 10:36 AM
PostgreSQL requires both SELECT and UPDATE privileges for both kinds of row-level locks (FOR UPDATE and FOR SHARE). I think we should use the same protection.
Oracle seems to work the same way as Firebird, i.e. not requiring an UPDATE privilege for SELECT FOR UPDATE.
And what does standard say about such case?
Standard says nothing about locking rows inside SELECT. The FOR UPDATE clause is standard but it is not intended for modifications of any kind. WITH LOCK / FOR SHARE are non-standard vendor extensions. Oracle uses standard FOR UPDATE for non-standard behavior.
Very good - that means we can select reasonable (like POSTGRES) behavior
WITH LOCK is now denied if user is not granted update on relations in SELECT operator
|