Re: [PATCH] Report column-level error when lacking privilege
Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>
From: Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>
To: Steve Chavez <steve@supabase.io>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2026-03-30T15:21:40Z
Lists: pgsql-hackers
Hi Steve, On Mon, Mar 30, 2026 at 6:37 AM Steve Chavez <steve@supabase.io> wrote: > > Hello hackers, > > When a role `xx` has `grant select (name) on items to xx;`, a generic table-level error is given: > > select * from items; > ERROR: permission denied for table items > > With this patch, we now give: > > select * from items; > ERROR: permission denied for column "id" of relation "items" > > This only when the user has column-level privileges, if it doesn't have any the same regular table-level error is given. This makes the most sense and also keeps current tests mostly the same. > > * It also works for UPDATE and INSERT. > * Clears the TODO mentioned on lines > https://github.com/postgres/postgres/blob/45cdaf3665bedfbabb908bb84284f3db26781ad3/src/backend/executor/execMain.c#L691-L693 > * This patch is on top of the patch mentioned on https://www.postgresql.org/message-id/CAGRrpzYP%2B3zEk__KZu-a5uWySfwgRFk6eoPXKrA5AdtBTXR%3Dng%40mail.gmail.com, which refactors the code to make it simpler to review. I had started on this some time ago [1], but couldn't finish it for the want of time. There are some suggestions from Nathan and Tom which may be applicable to you approach as well. I am fine if you would like to use my patches if those help. [1] https://www.postgresql.org/message-id/CAExHW5swFANiB9JmqRoGg_Rkr+M=qh+ci_zfOtQXFT+A=+jB-A@mail.gmail.com -- Best Wishes, Ashutosh Bapat
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Make geometry cast functions error safe
- 45cdaf3665be 19 (unreleased) cited