Home > mailing lists

[PATCH] Report column-level error when lacking privilege - Mailing list pgsql-hackers

From	Steve Chavez
Subject	[PATCH] Report column-level error when lacking privilege
Date	March 30 04:07:31
Msg-id	CAGRrpzbhG3YaR6bDV4z6=cSND3+RVx0dEN9f_PiSVLE_DCiNzA@mail.gmail.com Whole thread
Responses	Re: [PATCH] Report column-level error when lacking privilege Re: [PATCH] Report column-level error when lacking privilege
List	pgsql-hackers

Tree view

Hello hackers,

When a role `xx` has `grant select (name) on items to xx;`, a generic table-level error is given:

select * from items;
ERROR: permission denied for table items

With this patch, we now give:

select * from items;
ERROR: permission denied for column "id" of relation "items"

This only when the user has column-level privileges, if it doesn't have any the same regular table-level error is given. This makes the most sense and also keeps current tests mostly the same.

* It also works for UPDATE and INSERT.
* Clears the TODO mentioned on lines
https://github.com/postgres/postgres/blob/45cdaf3665bedfbabb908bb84284f3db26781ad3/src/backend/executor/execMain.c#L691-L693

* This patch is on top of the patch mentioned on https://www.postgresql.org/message-id/CAGRrpzYP%2B3zEk__KZu-a5uWySfwgRFk6eoPXKrA5AdtBTXR%3Dng%40mail.gmail.com, which refactors the code to make it simpler to review.

Best regards,

Steve

Attachment

pgsql-hackers by date:

From: Fujii Masao
Date: 30 March, 03:30:08
Subject: Re: Avoid multiple SetLatch() calls in procsignal_sigusr1_handler()

From: Amit Langote
Date: 30 March, 04:16:02
Subject: Re: Add comments about fire_triggers argument in ri_triggers.c

[PATCH] Report column-level error when lacking privilege - Mailing list pgsql-hackers

Attachment

Previous

Next