Hi Steve,
On Mon, Mar 30, 2026 at 6:37 AM Steve Chavez <[email protected]> wrote: > > Hello hackers, > > When a role `xx` has `grant select (name) on items to xx;`, a generic > table-level error is given: > > select * from items; > ERROR: permission denied for table items > > With this patch, we now give: > > select * from items; > ERROR: permission denied for column "id" of relation "items" > > This only when the user has column-level privileges, if it doesn't have any > the same regular table-level error is given. This makes the most sense and > also keeps current tests mostly the same. > > * It also works for UPDATE and INSERT. > * Clears the TODO mentioned on lines > https://github.com/postgres/postgres/blob/45cdaf3665bedfbabb908bb84284f3db26781ad3/src/backend/executor/execMain.c#L691-L693 > * This patch is on top of the patch mentioned on > https://www.postgresql.org/message-id/CAGRrpzYP%2B3zEk__KZu-a5uWySfwgRFk6eoPXKrA5AdtBTXR%3Dng%40mail.gmail.com, > which refactors the code to make it simpler to review. I had started on this some time ago [1], but couldn't finish it for the want of time. There are some suggestions from Nathan and Tom which may be applicable to you approach as well. I am fine if you would like to use my patches if those help. [1] https://www.postgresql.org/message-id/CAExHW5swFANiB9JmqRoGg_Rkr+M=qh+ci_zfOtQXFT+A=+j...@mail.gmail.com -- Best Wishes, Ashutosh Bapat
