[PATCH] Report column-level error when lacking privilege - Mailing list pgsql-hackers

From Steve Chavez
Subject [PATCH] Report column-level error when lacking privilege
Date
Msg-id CAGRrpzbhG3YaR6bDV4z6=cSND3+RVx0dEN9f_PiSVLE_DCiNzA@mail.gmail.com
Whole thread
Responses Re: [PATCH] Report column-level error when lacking privilege
Re: [PATCH] Report column-level error when lacking privilege
List pgsql-hackers
Hello hackers,

When a role `xx` has `grant select (name) on items to xx;`, a generic table-level error is given:

select * from items;
ERROR:  permission denied for table items

With this patch, we now give:

select * from items;
ERROR:  permission denied for column "id" of relation "items"

This only when the user has column-level privileges, if it doesn't have any the same regular table-level error is given. This makes the most sense and also keeps current tests mostly the same.

* It also works for UPDATE and INSERT.
* Clears the TODO mentioned on lines
https://github.com/postgres/postgres/blob/45cdaf3665bedfbabb908bb84284f3db26781ad3/src/backend/executor/execMain.c#L691-L693
* This patch is on top of the patch mentioned on https://www.postgresql.org/message-id/CAGRrpzYP%2B3zEk__KZu-a5uWySfwgRFk6eoPXKrA5AdtBTXR%3Dng%40mail.gmail.com, which refactors the code to make it simpler to review.

Best regards,
Steve
Attachment

pgsql-hackers by date:

Previous
From: Fujii Masao
Date:
Subject: Re: Avoid multiple SetLatch() calls in procsignal_sigusr1_handler()
Next
From: Amit Langote
Date:
Subject: Re: Add comments about fire_triggers argument in ri_triggers.c