Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vgNCJ-00BVZ5-0t for pgsql-hackers@arkaria.postgresql.org; Thu, 15 Jan 2026 13:15:35 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vgNCI-00GvaX-1G for pgsql-hackers@arkaria.postgresql.org; Thu, 15 Jan 2026 13:15:34 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vgNCI-00GvaI-0C for pgsql-hackers@lists.postgresql.org; Thu, 15 Jan 2026 13:15:34 +0000 Received: from goedel.df7cb.de ([2a01:4f8:c013:1d4::1]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vgNCG-000cTc-0A for pgsql-hackers@postgresql.org; Thu, 15 Jan 2026 13:15:34 +0000 Received: from msg.df7cb.de (unknown [IPv6:2a02:908:1472:9340:f0ad:fc6e:9c86:f1dc]) by goedel.df7cb.de (Postfix) with ESMTPSA id A7F7B49A1; Thu, 15 Jan 2026 13:15:30 +0000 (UTC) Date: Thu, 15 Jan 2026 14:15:30 +0100 From: Christoph Berg To: Peter Eisentraut Cc: Hunaid Sohail , pgsql-hackers@postgresql.org Subject: Re: Proposal: SELECT * EXCLUDE (...) command Message-ID: Mail-Followup-To: Christoph Berg , Peter Eisentraut , Hunaid Sohail , pgsql-hackers@postgresql.org References: <63e1587b-4258-41de-b823-948f8cc692d9@eisentraut.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <63e1587b-4258-41de-b823-948f8cc692d9@eisentraut.org> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Re: Peter Eisentraut > => select * exclude (foo) from t1, t2; > ERROR: 02000: SELECT list is empty after excluding all columns > > My paper proposes that this should be an error because foo is ambiguous. Consider this example: create table t1(id int, data text, more_data text); create table t2(id int, other_data text, different_data text); Now if you wanted just the data without the surrogate keys, you would want to say: select * exclude (id) from t1 join t2 on t1.id = t2.id; Having to specify (t1.id, t2.id) would make it cumbersome to use, especially considering "exclude" would mostly be useful for interactive use. > You also need to be careful with column privileges. For example: > > create table t5 (a int, b int, c int); > grant select (a) on table t5 to user2; > -- as user2 > select * exclude (b, c) from t5; > > At least under the SQL standard security model, this should be an error, > because you need to check the privileges of b and c. This is because you > shouldn't be able to use this feature to probe for the existence of columns > that you otherwise don't have access to. I would actually argue the exact other way round. If you have access to a table except some column (like everything in a users table except for the password), you would want to be able to write select * exclude (password) from users; This is a very natural way to use the feature. If referencing "password" was forbidden, it would exactly defeat the reason for using EXCLUDE here. Christoph