[PATCH] Report column-level error when lacking privilege

Steve Chavez <steve@supabase.io>

From: Steve Chavez <steve@supabase.io>
To: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2026-03-30T01:07:31Z
Lists: pgsql-hackers

Attachments

Hello hackers,

When a role `xx` has `grant select (name) on items to xx;`, a generic
table-level error is given:

select * from items;
ERROR:  permission denied for table items

With this patch, we now give:

select * from items;
ERROR:  permission denied for column "id" of relation "items"

This only when the user has column-level privileges, if it doesn't have any
the same regular table-level error is given. This makes the most sense and
also keeps current tests mostly the same.

* It also works for UPDATE and INSERT.
* Clears the TODO mentioned on lines
https://github.com/postgres/postgres/blob/45cdaf3665bedfbabb908bb84284f3db26781ad3/src/backend/executor/execMain.c#L691-L693
* This patch is on top of the patch mentioned on
https://www.postgresql.org/message-id/CAGRrpzYP%2B3zEk__KZu-a5uWySfwgRFk6eoPXKrA5AdtBTXR%3Dng%40mail.gmail.com,
which refactors the code to make it simpler to review.

Best regards,
Steve

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Make geometry cast functions error safe