| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Samuel Inman <Samuel(dot)Inman(at)atento(dot)com> |
| Cc: | "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: REVOKE SELECT column on FOREIGN TABLE |
| Date: | 2017-01-05 04:16:14 |
| Message-ID: | 24820.1483589774@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Samuel Inman <Samuel(dot)Inman(at)atento(dot)com> writes:
> I’m running the following command:
> REVOKE SELECT(column_name) ON TABLE table_name FROM role;
> And I get “REVOKE” echoed back to me, but the table’s permissions do not reflect the change, and the role can still select that column.
> Does the REVOKE command not work at the column level for foreign tables?
Revoking a permission only does something if you've previously granted
that same permission. In particular, if you've granted select permission
on the whole table, the above wouldn't change that. You need to revoke
the table-level permission and then grant column-level permission(s) on
just the columns you want to be readable.
(Another variant of the same point is that if you've granted permission
to PUBLIC, or to some group that includes "role", then revoking permission
specifically from "role" isn't going to prevent it from having access.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | philolilou | 2017-01-11 22:47:16 | Database of articles, LaTeX code and pictures |
| Previous Message | Samuel Inman | 2017-01-05 00:04:13 | REVOKE SELECT column on FOREIGN TABLE |