Thread: [NOVICE] REVOKE SELECT column on FOREIGN TABLE
I’m running the following command:
REVOKE SELECT(column_name) ON TABLE table_name FROM role;
And I get “REVOKE” echoed back to me, but the table’s permissions do not reflect the change, and the role can still select that column.
Does the REVOKE command not work at the column level for foreign tables?
Samuel Inman <Samuel.Inman@atento.com> writes: > I’m running the following command: > REVOKE SELECT(column_name) ON TABLE table_name FROM role; > And I get “REVOKE” echoed back to me, but the table’s permissions do not reflect the change, and the role can still selectthat column. > Does the REVOKE command not work at the column level for foreign tables? Revoking a permission only does something if you've previously granted that same permission. In particular, if you've granted select permission on the whole table, the above wouldn't change that. You need to revoke the table-level permission and then grant column-level permission(s) on just the columns you want to be readable. (Another variant of the same point is that if you've granted permission to PUBLIC, or to some group that includes "role", then revoking permission specifically from "role" isn't going to prevent it from having access.) regards, tom lane