| From: | Steve Chavez <steve(at)supabase(dot)io> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | [PATCH] Report column-level error when lacking privilege |
| Date: | 2026-03-30 01:07:31 |
| Message-ID: | CAGRrpzbhG3YaR6bDV4z6=cSND3+RVx0dEN9f_PiSVLE_DCiNzA@mail.gmail.com |
| Lists: | pgsql-hackers |

Hello hackers,

When a role `xx` has `grant select (name) on items to xx;`, a generic
table-level error is given:

    select * from items;
    ERROR: permission denied for table items

With this patch, we now give:

    select * from items;
    ERROR: permission denied for column "id" of relation "items"

This happens only when the user has column-level privileges; if it doesn't have
any, the same regular table-level error is given. This makes the most sense and
also keeps current tests mostly the same.

* It also works for UPDATE and INSERT.
* Clears the TODO mentioned on lines
  https://github.com/postgres/postgres/blob/45cdaf3665bedfbabb908bb84284f3db26781ad3/src/backend/executor/execMain.c#L691-L693
* This patch is on top of the patch mentioned on
  https://www.postgresql.org/message-id/CAGRrpzYP%2B3zEk__KZu-a5uWySfwgRFk6eoPXKrA5AdtBTXR%3Dng%40mail.gmail.com,
  which refactors the code to make it simpler to review.

Best regards,
Steve

| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Report-column-level-error-when-lacking-privilege.patch | text/x-patch | 37.2 KB |
| 0001-refactor-ExecCheckPermissionsModified-for-ACL_SELECT.patch | text/x-patch | 4.5 KB |
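
An added example, not part of the patch or of the original message: on a server where the error names only the table, this catalog query lists the columns a role cannot read. The `items (id, name)` definition and the throwaway role are assumptions built from the message's example; everything runs in a transaction that is rolled back.

```sql
-- Constructed setup matching the message's scenario (assumed table shape).
BEGIN;
CREATE TABLE items (id int PRIMARY KEY, name text);
CREATE ROLE xx;
GRANT SELECT (name) ON items TO xx;

-- Distinguish "no grant at all" from "column-level grants only".
-- has_any_column_privilege is true for a table-level grant or for a grant
-- on at least one column, so compare it with has_table_privilege.
SELECT has_table_privilege('xx'::name, 'items'::regclass, 'SELECT')
           AS table_level_select,
       has_any_column_privilege('xx'::name, 'items'::regclass, 'SELECT')
           AS some_column_select;

-- Columns of items that role xx cannot SELECT. A "select * from items"
-- run as xx needs every live user column, so any row returned here is a
-- column that makes the statement fail.
SELECT a.attname AS column_without_select
FROM pg_attribute AS a
WHERE a.attrelid = 'items'::regclass
  AND a.attnum > 0            -- skip system columns
  AND NOT a.attisdropped      -- skip dropped columns
  AND NOT has_column_privilege('xx'::name, a.attrelid, a.attnum, 'SELECT')
ORDER BY a.attnum;

-- The same check for the other statement kinds the message mentions.
SELECT a.attname,
       has_column_privilege('xx'::name, a.attrelid, a.attnum, 'INSERT') AS can_insert,
       has_column_privilege('xx'::name, a.attrelid, a.attnum, 'UPDATE') AS can_update
FROM pg_attribute AS a
WHERE a.attrelid = 'items'::regclass
  AND a.attnum > 0
  AND NOT a.attisdropped
ORDER BY a.attnum;

ROLLBACK;
```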