Re: [PATCH] Report column-level error when lacking privilege - Mailing list pgsql-hackers

From David G. Johnston
Subject Re: [PATCH] Report column-level error when lacking privilege
Date
Msg-id CAKFQuwaiP+kYLCtUh_5Hdd7XKUHHH_Y5JAvb-0x2JQevJevVeA@mail.gmail.com
In response to [PATCH] Report column-level error when lacking privilege  (Steve Chavez <steve@supabase.io>)
List pgsql-hackers
On Sun, Mar 29, 2026 at 6:07 PM Steve Chavez <steve@supabase.io> wrote:
> When a role `xx` has `grant select (name) on items to xx;`, a generic table-level error is given:
>
> select * from items;
> ERROR:  permission denied for table items
>
> With this patch, we now give:
>
> select * from items;
> ERROR:  permission denied for column "id" of relation "items"


Not too fond of picking one column as a representative for the error message.  Better to say something like:

ERROR:  permission denied for column subset of table items

Haven't looked but it should be doable to run a query for a given relation and role and report for each column whether a grant is available or not; which would be the one-stop shop for figuring out which columns at least don't have permissions granted.  The user would still have to know which ones their query is actually using.

David J.
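
Added example, not part of the original message or of the proposed patch: one way to write the per-column report described in the reply above, using PostgreSQL's built-in has_column_privilege() over the pg_attribute catalog. The setup statements are constructed to match the thread's scenario; the column types of `items` are assumptions.

```sql
-- Constructed setup mirroring the thread: role xx may read only items.name.
-- The column types are assumed; the thread names only the columns.
CREATE ROLE xx;
CREATE TABLE items (id int PRIMARY KEY, name text);
GRANT SELECT (name) ON items TO xx;

-- One row per user column of the relation, stating whether role xx may
-- SELECT it. has_column_privilege() returns true when the privilege is held
-- either through a column-level grant or through a table-level grant, so the
-- report reflects effective access rather than only the column ACL.
SELECT a.attnum,
       a.attname AS column_name,
       has_column_privilege('xx'::name, a.attrelid, a.attnum, 'SELECT') AS can_select
FROM pg_attribute AS a
WHERE a.attrelid = 'items'::regclass
  AND a.attnum > 0           -- skip system columns (ctid, xmin, ...)
  AND NOT a.attisdropped     -- skip dropped columns
ORDER BY a.attnum;
```

The query lists every column of the relation; matching the columns without a grant against the ones a particular query references is still left to the user, as the reply notes.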
