Re: [NOVICE] Column level security question - Mailing list pgsql-novice

From Garry Chen
Subject Re: [NOVICE] Column level security question
Date
Msg-id CY1PR0401MB10514BE5E300201FC97D335ADADA0@CY1PR0401MB1051.namprd04.prod.outlook.com
In response to Re: [NOVICE] Column level security question  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [NOVICE] Column level security question  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: [NOVICE] Column level security question  ("David G. Johnston" <david.g.johnston@gmail.com>)
List pgsql-novice
Hi Tom,
    Thank you very much for your information.  The column level select right is based on grant to user or role.  What I am really looking for is something like row level security that allows a developer to develop a policy and function to hide a column or columns.  I hope the example below can clarify the request.

For example:  a function that only allows deptno=30 or resp=10 to see the columns named 'sale' and 'card_num', and a policy that is applied to the table that can carry out the function.  So only users in deptno 30 or with responsibility level equal to 10 can see the columns named 'sale' and 'card_num' without using a role.  Such that the security can rely on the data owner, not the DBA.


Garry



-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Wednesday, June 21, 2017 11:45 AM
To: Garry Chen <gc92@cornell.edu>
Cc: pgsql-novice@postgresql.org
Subject: Re: [NOVICE] Column level security question

Garry Chen <gc92@cornell.edu> writes:
> PostgreSQL has row level security by using policy but is there a column level security policy or function for it?  If not, is the development of column level security under the development/wish list for PostgreSQL new features?

If you're looking for column-level granularity of GRANT/REVOKE privileges, we have that, eg you can grant the right to SELECT only some columns from a table.

If that's not what you have in mind, you need to be clearer.

            regards, tom lane
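
The two approaches discussed in this message, as an added example that is not from either participant: the column-level GRANT Tom Lane mentions, next to one way to express the deptno=30 / resp=10 rule as data owned by the table owner, using a view. Only `sale`, `card_num`, `deptno` and `resp` come from the thread; the names `orders`, `app_user_attrs`, `can_see_sensitive`, `orders_v`, `reporting` and `app_users` are hypothetical, and the objects are assumed to live in schema `public`.

```sql
-- Constructed schema: only sale, card_num, deptno and resp come from the thread.
CREATE TABLE orders (
    order_id integer PRIMARY KEY,
    customer text NOT NULL,
    sale     numeric,
    card_num text
);

-- Hypothetical attribute table kept by the data owner, keyed by login name.
CREATE TABLE app_user_attrs (
    username text PRIMARY KEY,
    deptno   integer NOT NULL,
    resp     integer NOT NULL
);

CREATE ROLE reporting NOLOGIN;   -- hypothetical roles
CREATE ROLE app_users NOLOGIN;

-- Option 1: column-level GRANT. Static and tied to a role: members of
-- reporting can read order_id and customer, never sale or card_num.
GRANT SELECT (order_id, customer) ON orders TO reporting;

-- Option 2: data-driven rule. SECURITY DEFINER lets the check read
-- app_user_attrs without granting callers access to it; session_user is used
-- because current_user inside a SECURITY DEFINER function is the function owner.
CREATE FUNCTION can_see_sensitive() RETURNS boolean
LANGUAGE sql STABLE SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
    SELECT EXISTS (
        SELECT 1
        FROM public.app_user_attrs
        WHERE username = session_user
          AND (deptno = 30 OR resp = 10)
    );
$$;

-- The view returns NULL for the protected columns unless the rule passes.
CREATE VIEW orders_v AS
SELECT order_id,
       customer,
       CASE WHEN public.can_see_sensitive() THEN sale     END AS sale,
       CASE WHEN public.can_see_sensitive() THEN card_num END AS card_num
FROM orders;

-- Users query the view only; they get no privileges on orders itself.
GRANT SELECT ON orders_v TO app_users;
```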

