Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1txDBP-004oCt-Ia for pgsql-general@arkaria.postgresql.org; Tue, 25 Mar 2025 22:55:43 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1txDBN-00BBgw-KE for pgsql-general@arkaria.postgresql.org; Tue, 25 Mar 2025 22:55:41 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1txDBN-00BBgi-3d for pgsql-general@lists.postgresql.org; Tue, 25 Mar 2025 22:55:41 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1txDBL-0017vO-0u for pgsql-general@lists.postgresql.org; Tue, 25 Mar 2025 22:55:40 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 52PMtYxs1321214; Tue, 25 Mar 2025 18:55:34 -0400 From: Tom Lane To: Karsten Hilbert cc: pgsql-general@lists.postgresql.org Subject: Re: Q on SELECT column list pushdown from view to table In-reply-to: References: Comments: In-reply-to Karsten Hilbert message dated "Tue, 25 Mar 2025 23:21:15 +0100" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1321212.1742943334.1@sss.pgh.pa.us> Date: Tue, 25 Mar 2025 18:55:34 -0400 Message-ID: <1321213.1742943334@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Karsten Hilbert writes: > I expected this: > set role "restricted-role"; > -- this works: > select public_col from t_partially_private; > -- this fails: with "permission denied on table t_partially_private" > select public_col from v_partially_private; > to work but selecting from the view fails. Works fine if you don't mess with the view's security_invoker status. regards, tom lane