Alvaro Herrera <alvhe...@alvh.no-ip.org> writes: > The real problem is that a MERGE ... DO NOTHING action reports that no > permissions need to be checked on the target relation, which is not a > problem when there are other actions in the MERGE command since they add > privs to check. When DO NOTHING is the only action, the added assert in > a61b1f748 is triggered.
> So, this means we can fix this by simply requiring ACL_SELECT privileges > on a DO NOTHING action. We don't need to request specific privileges on > any particular column (perminfo->selectedCols continues to be the empty > set) -- which means that any role that has privileges on *any* column > would get a pass. If you're doing MERGE with any other action besides > DO NOTHING, you already have privileges on at least some column, so > adding ACL_SELECT breaks nothing. LGTM. regards, tom lane