Stephen Frost <sfr...@snowman.net> writes:
> My complaint is specifically trying to do something like:
> =*# select *
> from
> pg_class
> join pg_attribute on (pg_class.oid = pg_attribute.attrelid)
> join pg_namespace on (pg_class.relnamespace = pg_namespace.oid)
>
> where
>
> has_column_privilege(quote_ident(nspname) || '.' ||
> quote_ident(relname),attname,'SELECT');
> and getting this:
> ERROR: column "........pg.dropped.2........" of relation "t1" does not exist
That code is kinda broken anyway, because it won't survive relation drops
either. What you *should* be writing is
has_column_privilege(pg_class.oid, attnum, 'SELECT');
which is not only not sensitive to these problems but significantly more
efficient.
Having said that, I'm fine with having it return NULL if the given
attname matches an attisdropped column. What I was on about is what
happens when you write
has_column_privilege('sometab'::regclass, 'somecol', 'SELECT');
and sometab exists but somecol doesn't.
regards, tom lane
