On Thu, Jul 31, 2025 at 4:11 PM Tom Lane <tgl@xxxxxxxxxxxxx> wrote: > Dominique Devienne <ddevienne@xxxxxxxxx> writes: > > On Thu, Jul 31, 2025 at 11:35 AM Guillaume Lelarge > > <guillaume.lelarge@xxxxxxxxxx> wrote: > >> It doesn't lie. The role has DELETE privilege. I guess what it lacks is > >> the SELECT privilege. If you do a "DELETE FROM ... WHERE ...", you need > >> the SELECT privilege to perform the WHERE. Without "WHERE ...", it would > >> work without the SELECT privilege. > > > Right on the money! Merci Guillaume!!! --DD > > So the real problem here is that the "permission denied" error message > doesn't tell you which permission you lack. I think we've had prior > discussions about improving that, but it never got done. Indeed, a hint would have helped I'm sure. But also, it's weird DELETE allows you to delete all rows. Yet prevents you from deleting just one, i.e. a subset. I get it, a WHERE needs to read, so needs SELECT. Still, it obviously tripped me up here. And it's my bad.
