public inbox for [email protected]  
From: Ashutosh Bapat <[email protected]>
To: Steve Chavez <[email protected]>
Cc: PostgreSQL-development <[email protected]>
Subject: Re: [PATCH] Report column-level error when lacking privilege
Date: Mon, 30 Mar 2026 20:51:40 +0530
Message-ID: <CAExHW5u7H4nfXsPaaigr1TtB9HRDywJb9Jpn8uLReD1c_F7sVw@mail.gmail.com> (raw)
In-Reply-To: <CAGRrpzbhG3YaR6bDV4z6=cSND3+RVx0dEN9f_PiSVLE_DCiNzA@mail.gmail.com>
References: <CAGRrpzbhG3YaR6bDV4z6=cSND3+RVx0dEN9f_PiSVLE_DCiNzA@mail.gmail.com>

Hi Steve,


On Mon, Mar 30, 2026 at 6:37 AM Steve Chavez <[email protected]> wrote:
>
> Hello hackers,
>
> When a role `xx` has `grant select (name) on items to xx;`, a generic table-level error is given:
>
> select * from items;
> ERROR:  permission denied for table items
>
> With this patch, we now give:
>
> select * from items;
> ERROR:  permission denied for column "id" of relation "items"
>
> This happens only when the user has column-level privileges; if it doesn't have any, the same regular table-level error is given. This makes the most sense and also keeps current tests mostly the same.
>
> * It also works for UPDATE and INSERT.
> * Clears the TODO mentioned on lines
> https://github.com/postgres/postgres/blob/45cdaf3665bedfbabb908bb84284f3db26781ad3/src/backend/execu...
> * This patch is on top of the patch mentioned on https://www.postgresql.org/message-id/CAGRrpzYP%2B3zEk__KZu-a5uWySfwgRFk6eoPXKrA5AdtBTXR%3Dng%40mail..., which refactors the code to make it simpler to review.

I had started on this some time ago [1], but couldn't finish it for
the want of time. There are some suggestions from Nathan and Tom which
may be applicable to your approach as well. I am fine if you would like
to use my patches if those help.

[1] https://www.postgresql.org/message-id/[email protected]...

-- 
Best Wishes,
Ashutosh Bapat
