Skip site navigation (1) Skip section navigation (2)

Re: Column-Level Privileges

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, Markus Wanner <markus(at)bluegap(dot)ch>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Subject: Re: Column-Level Privileges
Date: 2009-01-22 20:29:52
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Stephen Frost <sfrost(at)snowman(dot)net> writes:
>   Attached is an updated patch for column-level privileges.

Applied with revisions.  The main externally visible change is that I
implemented per-column REFERENCES privilege, since that's required by
spec.  I did some heavy revision of the parsing support too, as per
previous dicussions, and editorial cleanup and bugfixing elsewhere.

There are still some significant loose ends though:

* Some of the information_schema views are specified to respond to
per-column privileges; the column_privileges and columns views
certainly need work now to meet spec, and there might be others.

* It might be appropriate to let the pg_stats view expose stats for
columns you have select privilege for, even if you haven't got it
across the whole table.

* We probably ought to invent has_column_privilege SQL functions
analogous to has_table_privilege; this is not just for completeness,
but is probably necessary to finish the above items.

* ISTM that COPY with a column list should succeed if you have
SELECT or INSERT privilege on just the mentioned columns.

* Perhaps it would be appropriate to let LOCK TABLE succeed if you have
proper permissions on at least one column of the table.  However, it's
bad enough that LOCK TABLE examines permissions before locking the table
now; I don't think it ought to be grovelling through the columns without
lock.  So this might be a place to leave well enough alone.

			regards, tom lane

In response to


pgsql-hackers by date

Next:From: Andrew DunstanDate: 2009-01-22 20:30:35
Subject: pg_get_viewdef formattiing
Previous:From: Jeff DavisDate: 2009-01-22 20:09:42
Subject: Re: Pluggable Indexes (was Re: rmgr hooks (v2))

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group