Hi Alan!

To me, it seems like a strange requirement to give someone UPDATE
permission without SELECT permission. But given that this is the
situation, I can well understand why they cannot use a WHERE clause
without the SELECT permission:

Suppose Robin Hood wanted to check whether you were a suitable victim,
but only had UPDATE rights to the Employee table. If he could update
with a WHERE clause, he could simply do

UPDATE Employee
SET PK = PK
WHERE Name = 'Alan McDonald'
AND Salary > '50000'
AND Debt < '30000'

If the number of updated rows then were > 0, he would know that you
were a wealthy man, well worth robbing.

Hence, if you can use UPDATE with a WHERE clause, you would in many
cases be able to guess things that you normally would need a SELECT
permission to do (though it would be more cumbersome).

Set

--- In firebird-support@yahoogroups.com, "Alan McDonald" wrote:
> Grants logic question:
> If I want to a user to update a specific row in a table (PK), then
> the user must have UPDATE and SELECT permissions since you use the
> WHERE ID=? syntax.
> But if the user doesn't have SELECT permissions, it can update ALL
> rows, since no WHERE clause is used. Can someone explain why table
> wide update ability is less stringent than a single row update?
> thanks
> Alan