Subject Grants query
Author Alan McDonald
Grants logic question:
If I want to a user to update a specific row in a table (PK), then the user
must have UPDATE and SELECT permissions since you use the WHERE ID=?
But if the user doesn't have SELECT permissions, it can update ALL rows,
since no WHERE clause is used.
Can someone explain why table wide update ability is less stringent than a
single row update?