Home > mailing lists

Re: [NOVICE] Column level security question - Mailing list pgsql-novice

From	Tom Lane
Subject	Re: [NOVICE] Column level security question
Date	June 21, 2017 22:27:01
Msg-id	2190.1498062421@sss.pgh.pa.us Whole thread Raw
In response to	Re: [NOVICE] Column level security question (Garry Chen <gc92@cornell.edu>)
Responses	Re: [NOVICE] Column level security question (Garry Chen <gc92@cornell.edu>)
List	pgsql-novice

Tree view

Garry Chen <gc92@cornell.edu> writes:
> For example:  a function that only allow deptno=30 or resp=10 to see column named 'sale' and 'card_num' and a policy
thatapplied to the table that can carry out the function.  So only user in deptno 30 or responsibility level equal to
10can see  column named 'sale' and 'card_num' without using role.  Such that the security can be relied on the data
ownernot the DBA.  

I think you'd be better off to think of a way to express this through
grantable privileges, perhaps with some intermediate views that different
user populations are allowed to access.  It's really hard to think of a
way that columns could be dynamically allowed or not allowed without
breaking SQL semantics pretty thoroughly.

            regards, tom lane

pgsql-novice by date:

From: Garry Chen
Date: 21 June 2017, 22:16:40
Subject: Re: [NOVICE] Column level security question

From: "David G. Johnston"
Date: 21 June 2017, 22:27:58
Subject: Re: [NOVICE] Column level security question

Re: [NOVICE] Column level security question - Mailing list pgsql-novice

Previous

Next