Am Mittwoch, 7. Mai 2008 schrieb Tom Lane:
> >> 1.1 Add a column named 'attrel' in pg_attribute catalog to store
> >> column privileges. Now all column privileges are stored, no matter
> >> whether they could be implied from table-level privilege.
>
> What this actually means, but doesn't say, is that there's no
> table-level representation of INSERT/UPDATE privilege any more at all.
> I think this is a pretty fundamental design error. In the first place
> it bloats pg_attribute with data that's entirely redundant for the
> "typical" case where per-column privileges aren't used. In the
> second place it slows privilege checking for the typical case, since
> instead of one check for the relation you have to do one for each
> attribute. There are some other problems too, like having to extend
> pg_shdepend to include an objsubid column, and some other places where
> the patch has to do awkward things because it's now lacking table-level
> information about privilege checks.
I haven't read the patch, but there is also a semantic issue, namely what
happens to columns added after the grant. If the GRANT was to the table, new
columns should get the same privileges.