| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | stan <stanb(at)panix(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Collumn level permissions ? |
| Date: | 2019-08-20 08:29:42 |
| Message-ID: | 42719fe4b0e8cfad2e72d8ddd5fc4c0532c52115.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
stan wrote:
> I do know a way to solve this. I could create a view "B" that is a
> view of
> tab;e "A" without column "C" on the select, and give a user
> permissions on
> B, but not on A, or at least I think that would work.
>
> What I specifically need to do is "hide" one column of a table from a
> set
> of users.
>
> Any better way to do this?
You can use column permissions:
REVOKE SELECT ON mytable FROM auser;
GRANT SELECT (col1, col2) ON mytable TO auser;
This will cause any query that tries to read any other
column to fail with an error.
If you don't like that, your technique is good, but don't
forget to add "WITH (security_barrier = true)" so that nobody
can subvert security.
Yours,
Laurenz Albe
--
+43-670-6056265
Cybertec Schönig & Schönig GmbH
Gröhrmühlgasse 26, A-2700 Wiener Neustadt
Web: https://www.cybertec-postgresql.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Devrim Gunduz | 2019-08-20 09:04:30 | Re: Can't install postgresql from official postgresql repo on RedHat 8? |
| Previous Message | Kyotaro Horiguchi | 2019-08-20 04:53:38 | Re: postmaster utilization |