public inbox for [email protected]  
From: David G. Johnston <[email protected]>
To: Steve Chavez <[email protected]>
Cc: PostgreSQL-development <[email protected]>
Subject: Re: [PATCH] Report column-level error when lacking privilege
Date: Sun, 29 Mar 2026 20:34:56 -0700
Message-ID: <CAKFQuwaiP+kYLCtUh_5Hdd7XKUHHH_Y5JAvb-0x2JQevJevVeA@mail.gmail.com>
In-Reply-To: <CAGRrpzbhG3YaR6bDV4z6=cSND3+RVx0dEN9f_PiSVLE_DCiNzA@mail.gmail.com>
References: <CAGRrpzbhG3YaR6bDV4z6=cSND3+RVx0dEN9f_PiSVLE_DCiNzA@mail.gmail.com>

On Sun, Mar 29, 2026 at 6:07 PM Steve Chavez <[email protected]> wrote:

> When a role `xx` has `grant select (name) on items to xx;`, a generic
> table-level error is given:
>
> select * from items;
> ERROR:  permission denied for table items
>
> With this patch, we now give:
>
> select * from items;
> ERROR:  permission denied for column "id" of relation "items"
>
>
Not too fond of picking one column as a representative for the error
message.  Better to say something like:

ERROR:  permission denied for column subset of table items

Haven't looked but it should be doable to run a query for a given relation
and role and report for each column whether a grant is available or not;
which would be the one-stop shop for figuring out which columns at least
don't have permissions granted.  The user would still have to know which
ones their query is actually using.

David J.
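
The per-column report the reply describes can be written with PostgreSQL's built-in privilege inquiry functions. This is an added example, not part of the message or of the patch under discussion; the table `items`, its columns `id` and `name`, the role `xx` and the grant come from the quoted example, while the column types are assumed.

```sql
-- Constructed setup mirroring the quoted example (column types are assumed).
CREATE TABLE items (id integer, name text);
CREATE ROLE xx;
GRANT SELECT (name) ON items TO xx;

-- One row per live user column of the relation, with whether the role may
-- SELECT it. has_column_privilege() also returns true when the privilege is
-- held at table level, so table_level is shown to tell the two cases apart.
SELECT a.attnum,
       a.attname AS column_name,
       has_table_privilege('xx'::name, c.oid, 'SELECT') AS table_level,
       has_column_privilege('xx'::name, c.oid, a.attnum, 'SELECT') AS can_select
FROM pg_class AS c
JOIN pg_attribute AS a ON a.attrelid = c.oid
WHERE c.oid = 'items'::regclass
  AND a.attnum > 0          -- skip system columns
  AND NOT a.attisdropped    -- skip dropped columns
ORDER BY a.attnum;
```

The result covers every column of the relation; matching it against the columns a particular query references is a separate step.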

