Re: Virtual generated columns

Dean Rasheed <dean.a.rasheed@gmail.com>

From: Dean Rasheed <dean.a.rasheed@gmail.com>
To: Peter Eisentraut <peter@eisentraut.org>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>, jian he <jian.universality@gmail.com>
Date: 2025-01-09T13:08:00Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Expand virtual generated columns for ALTER COLUMN TYPE

  2. Eliminate code duplication in replace_rte_variables callbacks

  3. Expand virtual generated columns in the planner

  4. Virtual generated columns

  5. Additional tests for stored generated columns

  6. Improve generated_stored test

  7. Fix handling of CREATE DOMAIN with GENERATED constraint syntax

  8. Add pg_constraint rows for not-null constraints

  9. Put generated_stored test objects in a schema

  10. Rename regress test generated to generated_stored

  11. Small code simplification

  12. Remove useless code

  13. Remove useless initializations

  14. doc: Clarify that pg_attrdef also stores generation expressions

  15. Clean out column-level pg_init_privs entries when dropping tables.

  16. Re-implement the ereport() macro using __VA_ARGS__.

On Wed, 8 Jan 2025 at 16:14, Peter Eisentraut <peter@eisentraut.org> wrote:
>
> One thing I could use some review on is the access control handling and
> security in general.  You can create virtual generated columns that have
> their own access privileges but which can read columns that the user
> does not have access to.  Kind of like a view.  This all appears to work
> correctly, but maybe someone wants to poke a hole into it.

That looks correct to me. Permissions are checked on the columns
mentioned in the query, not whatever columns the virtual generated
column's expression refers to. If it were a view, there'd be
additional checks that the view owner had the required privileges on
the referenced columns, but for virtual columns in a table, there is
no separate view owner, so no additional checks are necessary.

> Here is an example:
>
> create user foo;
> create user bar;
> grant create on schema public to foo;
> \c - foo
> create table t1 (id int, ccnum text, ccredacted text generated always as
> (repeat('*', 12) || substr(ccnum, 13, 4)) virtual);
> grant select (id, ccredacted) on table t1 to bar;
> insert into t1 values (1, '1234567890123456');
> \c - bar
> select * from t1;  -- permission denied
> select id, ccredacted from t1;  -- ok

Makes sense.

Regards,
Dean