Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1txXUm-00AuGX-BX
	for pgsql-general@arkaria.postgresql.org; Wed, 26 Mar 2025 20:37:04 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1txXUk-00A17g-U0
	for pgsql-general@arkaria.postgresql.org; Wed, 26 Mar 2025 20:37:02 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1txXUk-00A17X-Il
	for pgsql-general@lists.postgresql.org; Wed, 26 Mar 2025 20:37:02 +0000
Received: from sss.pgh.pa.us ([68.162.161.243])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1txXUi-001NvQ-0g
	for pgsql-general@lists.postgresql.org;
	Wed, 26 Mar 2025 20:37:02 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 52QKatSg1776635;
	Wed, 26 Mar 2025 16:36:55 -0400
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Karsten Hilbert <Karsten.Hilbert@gmx.net>
cc: pgsql-general@lists.postgresql.org
Subject: Re: Q on SELECT column list pushdown from view to table
In-reply-to: <Z-Q4Pm9_LlLe5Mll@hermes.hilbert.loc>
References: <Z-MsW3AzjLH2S7NN@hermes.hilbert.loc> <1321213.1742943334@sss.pgh.pa.us> <Z-Q4Pm9_LlLe5Mll@hermes.hilbert.loc>
Comments: In-reply-to Karsten Hilbert <Karsten.Hilbert@gmx.net>
	message dated "Wed, 26 Mar 2025 18:24:14 +0100"
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <1776633.1743021415.1@sss.pgh.pa.us>
Date: Wed, 26 Mar 2025 16:36:55 -0400
Message-ID: <1776634.1743021415@sss.pgh.pa.us>
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/1776634.1743021415%40sss.pgh.pa.us>
Precedence: bulk

Karsten Hilbert <Karsten.Hilbert@gmx.net> writes:
> Am Tue, Mar 25, 2025 at 06:55:34PM -0400 schrieb Tom Lane:
>> Works fine if you don't mess with the view's security_invoker
>> status.

> I know but doing so was kind of the point.

[ shrug... ] It's not going to work.  When the view is inlined into
the calling query, you end up with the exact equivalent of

select public_col from (
	select
		public_col,
		private_col
	from
		t_partially_private
) as v_partially_private;

With the normal security_definer view processing, the reference
to t_partially_private is treated with the privileges of
v_partially_private's owner, and all is well.  But with
security_invoker, the whole thing is treated with the caller's
privileges, and so the reference to private_col fails.

It is intentional that this happens even if the reference to
private_col is subsequently optimized away.  To do otherwise
would make implementation artifacts in the optimizer far too
visible, and there's also a very strong case that it would
violate the SQL standard.

			regards, tom lane