From: Dean Rasheed Date: Wed, 11 Feb 2026 10:52:58 +0000 (+0000) Subject: doc: Mention all SELECT privileges required by INSERT ... ON CONFLICT. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc953bf52314ca881a18703f86b68743ef6f3a32;p=thirdparty%2Fpostgresql.git doc: Mention all SELECT privileges required by INSERT ... ON CONFLICT. On the INSERT page, mention that SELECT privileges are also required for any columns mentioned in the arbiter clause, including those referred to by the constraint, and clarify that this applies to all forms of ON CONFLICT, not just ON CONFLICT DO UPDATE. Author: Dean Rasheed Reviewed-by: Viktor Holmberg Discussion: https://postgr.es/m/CAEZATCXGwMQ+x00YY9XYG46T0kCajH=21QaYL9Xatz0dLKii+g@mail.gmail.com Backpatch-through: 14 --- diff --git a/doc/src/sgml/ref/insert.sgml b/doc/src/sgml/ref/insert.sgml index 04962e39e12..42eec5f4edd 100644 --- a/doc/src/sgml/ref/insert.sgml +++ b/doc/src/sgml/ref/insert.sgml @@ -114,10 +114,13 @@ INSERT INTO table_name [ AS INSERT privilege on the listed columns. Similarly, when ON CONFLICT DO UPDATE is specified, you only need UPDATE privilege on the column(s) that are - listed to be updated. However, ON CONFLICT DO UPDATE - also requires SELECT privilege on any column whose - values are read in the ON CONFLICT DO UPDATE - expressions or condition. + listed to be updated. However, all forms of ON CONFLICT + also require SELECT privilege on any column whose values + are read. This includes any column mentioned in + conflict_target (including columns referred to + by the arbiter constraint), and any column mentioned in an + ON CONFLICT DO UPDATE expression, + or a WHERE clause condition.