Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1txCeC-004eVg-5F for pgsql-general@arkaria.postgresql.org; Tue, 25 Mar 2025 22:21:24 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1txCe8-00ApeK-Uj for pgsql-general@arkaria.postgresql.org; Tue, 25 Mar 2025 22:21:20 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1txCe8-00Ape8-HE for pgsql-general@lists.postgresql.org; Tue, 25 Mar 2025 22:21:20 +0000 Received: from mout.gmx.net ([212.227.17.21]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1txCe6-001A6N-0S for pgsql-general@lists.postgresql.org; Tue, 25 Mar 2025 22:21:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.net; s=s31663417; t=1742941277; x=1743546077; i=karsten.hilbert@gmx.net; bh=fFJofZ+urm+ksYnZnSbLEw9wKrphameiC8Y9ZbeEQXg=; h=X-UI-Sender-Class:Date:From:To:Subject:Message-ID:MIME-Version: Content-Type:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=fvCwiLwGasS5hjFqo2120kqjU5oUXewnJkKJyxukpa9UwDgNjCxg/jnWSHPEbt4c PiiGGBPlI7bQ2l3De3HXzs7mMFDrgXJSj0ex7r1Fmo1ifHAQ7pjrx47QnefN2y+0T hCkGQnVmKdOKEQpph3v80Z9oF+SAfC1pKuPpCUOxfYR3RJh7Es5gwczgvKaTHc1RX Oq218RjlVTjODuE/rarz39REXd5/8nY2kCOb6Wp3RAMhrJ3sUcDdJIccFG6wBXVAj N81ML4b6kif9oX5oy8LH+2SRZQ1aTCwmqt4QdGoaT2R7gVg2AB85/V1lLh/QzMH+4 6wgHUVkeOeaDFfTEFQ== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from hermes ([84.190.228.50]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MWRVb-1tccpL3y2d-00TIRB for ; Tue, 25 Mar 2025 23:21:17 +0100 Received: from ncq by hermes with local (Exim 4.96) (envelope-from ) id 1txCe3-0008AR-39 for pgsql-general@lists.postgresql.org; Tue, 25 Mar 2025 23:21:15 +0100 Date: Tue, 25 Mar 2025 23:21:15 +0100 From: Karsten Hilbert To: pgsql-general@lists.postgresql.org Subject: Q on SELECT column list pushdown from view to table Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Ma_X_il-Followup-to: d Re_X_turn-receipt-to: Karsten.Hilbert@gmx.net Di_X_sposition-Notification-To: Karsten.Hilbert@gmx.net X-Confi_X_rm-Reading-To: Karsten.Hilbert@gmx.net X-Pri_X_ority: 2 (High) Sender: X-Provags-ID: V03:K1:MrCIz26gVCJ+duG0vVha2N+JhmFMW0pojrM1Y/TLZvP9swR3YK4 eh5hlxOkl5VfidSro5GpX654owRkqivfyk1PnVt7ZqdSQJC6slGX/Hv+OV6VA9z4tLhirRV wv+ScEfkzuFovb3dXFTzFWmD8CuNFHcB2c0YxRo2olKLe3VQhcwnUsk/R/voppzgRZ2zrPy VUnbx/Ky4y8QC5DWmG/pA== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:mDtlEzGQAPQ=;6bWCpyylWBQb+ddWxMVyfrnj7rE Px98Ipeu15vN01Fyp159prU61inaz+IPEBcyLkQfUrVrCVF76VKR1U9UBeEXgvk2jj5UNt2ie iiHxJI5wsZho0vRuQmalpQjbQIPyNSIpQxoJ5Qhe7EOmPnigFiW+XQzIv0mUhpoPOG0PirpRV WCdcUl8/a8JEdnTzT/6+auWvlSAw1t8oMoBPuCBlvO6L/4K8UUfnVyhrc0eHfE+Y21KwY8bqX goRrvvlT2dpLohITo37tev7qHtgVHfJg0ElCZTm9+w+UWEMRrJLhzotaRHGUmhLdJo8x/lyQ+ KRSu4mUxKh1l6HzqMX/3xj1sNx6dlr4Dkp0jBmryrJN8H5+jlXPitR3o1DR5AquHne5do/Czx 43FqG2jQOg+NtwZ6tcCEiFiNALMqM4ZaBMbZjJLY5dGHgHgGa3h/IG7RWgeU4zucMucwyAOVk JQKf2aTnVkXUtN8UzeptvbVSJQdGEmHw235+bC2Tdl7VXreb/xVpQEfeely2kCeUDaCWMcSjP /sx+7c5wctnd7PNCFC5JZjAtLWMy6sXWNNus0IagM0yhqZo9tsdPluLZFXJTzCS3SB4IkiDis WhMosajqTRL2e4BHaqnkk/ecEBplHwogYai7WBnJBYDBiXXFA38puDNQKziX5aRkjJB8QkUhj LWABuy5g76x1EdFNQP0YsUe4u3KzUiusEfLGELONxELiDANNOvNoYmJRiLUGMys6ZjUYSU2Zw mMQMBME75jaxhqQG039I6wyIvoDwiBAaOIBFcKLLoECp32E4uShU421Oji0hoD0zS7Tlq5asK G66pIKU5HugriujU4ln5b1LjKr+VHWJvbXB8JyI1gah0VGw33Hcrh/fb9WraIkDCk86nq7raX fHFbS6kpDCYSCranQAPFA03tP8Ueccg1xxLqDQXLJrB9jL3d75Rx00REa13Muist/ztMm4RSL 1xZ/E9+rdxdXmiPe0/UKoJ9I0gmx2pAMNydBqe+/oc+EYt/YdJmoEOCu65Ou7cjryI7po5ZR6 zap6RxK1ZoiGyKRdLyY6S9h83mq20bplIPpsVozuZ1f4tUB3Ety6m8IwzsxYPJaL6B+4rgNAs lEOtq0X6dyP9FMlZWQWduVNFf7vD043NK71yYxTTP/xmFmFoByIVdgmrBrlath/+tyUfkbDOl yBDylFwd3yXSuSKZZxHTpia526MJqIp3uUiCLY0hcCfJOyUXd7aAuK/+MqFEi8vXmLmAU+ywa aiWD4XjG91t9tid0ja9lJSYJJcHzMjcjkmob2cOL9JUldUr/bNZbfvUYnEDulgsNgnaHsWqDk 8pCzj0M2CAL8pdJtPXJVfSpNHmbDfmYAt9YbBWAZVkHUcLU/yUyV8Q9oKwlqdgxd9LJ+SJV8k vidB4BjJAcuaNqN64pSDR/i29vfJiTOhASc8O6hn6f/weORA2uVqkQYaMrD9i4oRfnnC2hYER 4Ic+TEw== Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Dear all, given this schema and role: create table t_partially_private ( public_col text, private_col text ); insert into t_partially_private (public_col, private_col) values ('public= value', 'private value'); create view v_partially_private as select public_col, private_col from t_partially_private ; alter view v_partially_private set (security_invoker =3D TRUE); create role "restricted-role"; grant select (public_col) on t_partially_private to "restricted-role"; grant select (public_col) on v_partially_private to "restricted-role"; I expected this: set role "restricted-role"; -- this works: select public_col from t_partially_private; -- this fails: with "permission denied on table t_partially_private" select public_col from v_partially_private; to work but selecting from the view fails. I would assume the reason is that the SELECT column list does not narrow down what the view tries to (sub)select from the table. If so, is there a reason I don't yet see why this is so ? What would be the proper way to achieve the above short of using another view dedicated to the restricted column (in real life, the views are way more involved, as usual ...). Thanks, Karsten =2D- GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B